jimmy@pyrltd.UUCP (Jimmy Aitken) (02/21/90)
According to the manual, there a re certain checks done when running a
setuid perl script to check whether or not opertaions are safe or not.
I've run into problems with this when running perl scripts when I've
su-ed to root. The scripts aren't setuid, but complain none the less.
For example, the 'rename' script below, tells me about 'Insecure PATH"
at line 4. If I set the PATH explicitly, it then complains thus:
Insecure dependency in eval at ./ren line 8, <_GEN_0> line 33;
If I run this as me, everything works fine. I was wondering if there
could be a flag added to allow 'tainted' variables and insecure
dependencies and paths to be 'ignored' so that things like the above
could work. I know that this could be dangerous, in that it could
become the default and people use it when they can't be bothered to
work out a secure script.
Other than that, can anyone tell me how to get the program to work
when I'm root?
-----
#!/usr/local/bin/perl
$_=($subst = shift);
$ENV{'PATH'}="/bin:/usr/bin";
@ARGV = <*> if $#ARGV < 0;
foreach $name (@ARGV) {
$_ = $name;
eval "$subst;";
die $@ if $@;
rename($name,$_) unless ($name eq $_);
}
-----
Jimmy
--
-m------- Jimmy Aitken ...!mcvax!ukc!pyrltd!jimmy
---mmm----- Pyramid Technology Ltd jimmy@pyra.co.uk
-----mmmmm--- Pyramid House, Solartron Rd jimmy@pyramid.pyramid.com
-------mmmmmmm- Hants GU14 7PL, ENGLAND (+44) 252 373035lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall) (02/23/90)
In article <1731@pyrltd.UUCP> jimmy@pyrltd.UUCP (Jimmy Aitken) writes:
: According to the manual, there a re certain checks done when running a
: setuid perl script to check whether or not opertaions are safe or not.
: I've run into problems with this when running perl scripts when I've
: su-ed to root. The scripts aren't setuid, but complain none the less.
: For example, the 'rename' script below, tells me about 'Insecure PATH"
: at line 4. If I set the PATH explicitly, it then complains thus:
: Insecure dependency in eval at ./ren line 8, <_GEN_0> line 33;
:
: If I run this as me, everything works fine. I was wondering if there
: could be a flag added to allow 'tainted' variables and insecure
: dependencies and paths to be 'ignored' so that things like the above
: could work. I know that this could be dangerous, in that it could
: become the default and people use it when they can't be bothered to
: work out a secure script.
:
: Other than that, can anyone tell me how to get the program to work
: when I'm root?
Either your su program is weird, or you're getting to be root by executing
some other setuid root program. Whatever, for some reason your real uid
and effective uid don't match, so perl assumes it's running a script with
a wrapper. It can't know that its parent wasn't intended to be a wrapper.
In all the su programs I'm familiar with, both real and effective uid are
changed, so that it doesn't look like you are running in the context
of some setuid program.
There is a -U switch that can turn the fatal errors into warnings, but
I don't recommend you use that. What you really want to do is to make
sure the root shell you're running has a real uid that matches its effective
uid. You'll have to modify whatever you're su'ing with to put a
setuid(geteuid()) (or setruid(geteuid())) into it. If you can't do
that, then you might have to exec something when you first su that
does this for you and then execs a new shell. In perl such a thing
would be:
$ cat sushell
#!/usr/bin/perl
$verbose = 1;
print STDERR "Changing real uid $< to $>\n" if $verbose;
$< = $>;
$shell = $ENV{'SHELL'} # or whatever
exec $shell '-u'; # or whatever
$ su root
Password:
# exec sushell (exec to discard current shell)
Changing real uid 123 to 0
# (new shell with proper real uid)
You could probably find a way to make this happen automatically with
a .cshrc or .profile. Or fake su into running your sushell program instead
of a real shell.
Larry