adler@arrester.caltech.edu (Bo Adler) (06/09/90)
I've been playing around with set-uid scripts, and no matter what I answer in Configure, I always get the same message "SET UID SCRIPTS HAVE NOT BEEN DISABLED IN YOUR KERNEL. FIX YOUR KERNAL ...". Also, even when this happens, if I do "perl -d script.pl", where script.pl is a suid script, it WILL execute. To me, something seems truly wrong if a script won't run normally suid, but will if I invoke the debugger. While I'm at it, what exactly is the "C WRAPPER" that is mentioned in that message? I've heard the phrase before, but I don't understand it in this context. And finally, the source for Configure mentions "metaconfig"... is this program available via anon ftp? Could anyone tell me where to find this? Thanks in advance, B. Thomas Adler
lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (06/11/90)
In article <adler.644896727@arrester> adler@arrester.caltech.edu (Bo Adler) writes:
: I've been playing around with set-uid scripts, and no matter what
: I answer in Configure, I always get the same message "SET UID SCRIPTS
: HAVE NOT BEEN DISABLED IN YOUR KERNEL. FIX YOUR KERNAL ...".
:
: Also, even when this happens, if I do "perl -d script.pl", where
: script.pl is a suid script, it WILL execute. To me, something seems
: truly wrong if a script won't run normally suid, but will if I invoke
: the debugger.
That's because you're invoking perl directly, so it's not trying to
run it setuid.
: While I'm at it, what exactly is the "C WRAPPER" that is mentioned in
: that message? I've heard the phrase before, but I don't understand it
: in this context.
It means a setuid compiled program that executes the script, so that the
script itself doesn't have to be setuid. I'll enclose a script that does
that at the end.
An alternative is to compile the script using the dump operator and the
undump program (if it's available for your system), then make that setuid.
If you do this, you should compile it using taintperl so you get the
tainting checks.
: And finally, the source for Configure mentions "metaconfig"... is this
: program available via anon ftp? Could anyone tell me where to find this?
There's an old version available on my system, but the version currently
in use with Perl hasn't been released yet.
Larry Wall
lwall@jpl-devvax.jpl.nasa.gov
#!/bin/sh
: make a subdirectory, cd to it, and run this through sh.
echo 'If this kit is complete, "End of kit" will echo at the end'
echo Extracting suidscript
sed >suidscript <<'!STUFFY!FUNK!' -e 's/X//'
X#!/usr/bin/perl
X
X# Usage: suidscript [dirnames]
X
X# Fixes any setuid scripts it finds in the named directories. Assumes
X# your find knows about -xdev. With no arguments, tries to fix all
X# setuid scripts on the whole system.
X
Xif ($#ARGV >= 0) {
X @list = @ARGV;
X foreach $name (@ARGV) {
X die "You must use absolute pathnames.\n" unless $name =~ m|^/|;
X }
X}
Xelse {
X open(DF,"/etc/mount|") || die "Can't run /etc/mount";
X
X while (<DF>) {
X chop;
X $_ .= <DF> if length($_) < 50;
X @ary = split;
X push(@list,$ary[2]) if ($ary[0] =~ m|^/dev|);
X }
X}
X$fslist = join(' ',@list);
X
Xdie "Can't find local filesystems" unless $fslist;
X
Xopen(FIND,
X "find $fslist -xdev -type f \\( -perm -04000 -o -perm -02000 \\) -print|");
X
Xwhile (<FIND>) {
X chop;
X next unless -T;
X print "Fixing ", $_, "\n";
X ($dir,$file) = m|(.*)/(.*)|;
X chdir $dir || die "Can't chdir to $dir";
X ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
X $blksize,$blocks) = stat($file);
X die "Can't stat $_" unless $ino;
X chmod $mode & 01777, $file; # wipe out set[ug]id bits
X rename($file,".$file");
X open(C,">.tmp$$.c") || die "Can't write C program for $_";
X $real = "$dir/.$file";
X print C <<EOF;
Xmain(argc,argv)
Xint argc;
Xchar **argv;
X{
X execv("' . $real . '",argv);
X}
XEOF
X close C;
X system '/bin/cc', ".tmp$$.c", '-o', $file;
X die "Can't compile new $_" if $?;
X chmod $mode, $file;
X chown $uid, $gid, $file;
X unlink ".tmp$$.c";
X chdir '/';
X}
!STUFFY!FUNK!
echo ""
echo "End of kit"
: I do not append .signature, but someone might mail this.
exit