http://qs321.pair.com?node_id=6474


in reply to How to determine the program path from a set-uid program

I have found this works quite well as a work-around.

Wrap all calls to perl into a binary that is SUID. At the top of any script needing to go suid, put something like:

  #!/bin/sh
  # Under sh this execs the wrapper; under Perl the eval is skipped by the trailing "if 0".
  eval 'exec /usr/local/bin/perlwrap $0 ${1+"$@"}'
    if 0;

where /usr/local/bin/perlwrap has the SUID bit correctly set. The name the script was actually called as (including the path component) and all the remaining command line arguments are sent to the wrapper as arguments. The wrapper does the SUID stuff and then runs the script, passing along the arguments. Since the script itself was never SUID, you don't get the file descriptor problem.

You can then use a special ID to control which scripts can and cannot go SUID. Basically, if the script isn't owned by the special ID the permissions get reset to the user's before the script is run.

If you need more help, email me and I will do what I can.

HTH,
Mik Firestone ( perlus bigotus maximus )