
Setuid script not working

by druidmatrix (Acolyte)
on Apr 30, 2010 at 05:24 UTC

druidmatrix has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

I have a simple setuid script:

#!/usr/bin/perl -T
#
use POSIX qw(setuid setgid);

if ($<) {
    $( = $) = 0;
    $< = $> = 0;
    print "Could not setuid ".$<." \n" if ($<);
    POSIX::setuid(0) if ($<);
    print "Posix could not setuid either ".$<." \n" if ($<);
}

I have the sticky bit set and the file is owned by root:

-rwsrwx--- 1 root csit 237 2010-04-30 01:16 setuid.pl
The output to the above is:
Could not setuid 500
Posix could not setuid either 500

My perl version is v5.10.1 and this is running on Fedora 10. I have also set selinux enforcing to "permissive".

TIA.

Replies are listed 'Best First'.
Re: Setuid script not working
by afoken (Chancellor) on Apr 30, 2010 at 05:57 UTC

    Why did you omit any error checking? perlvar clearly states: Since changes to $< require a system call, check $! after a change attempt to detect any possible errors, similar statements exist for $>, $(, and $).

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

      Thank you for your response. I looked for $! and sure enough it is populated, but does not explain why it failed.

      $< = $> = 0;
      print "Could not setuid ".$<." error: $! \n" if ($<);
      POSIX::setuid(0) if ($<);
      print "Posix could not setuid either ".$<." error: $! \n" if ($<);
      It now produces:
      Could not setuid 500 error: Operation not permitted
      Posix could not setuid either 500 error: Operation not permitted
        but does not explain why it failed.

        Yes it does, Operation not permitted. Oh you want to know why it isn't permitted? You'll have to rule out each possibility (or use strace, OS usually doesn't provide backtrace)
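
The checks this sub-thread asks for, as an added example that is not part of the thread: it prints the IDs the process started with, compares the script file's setuid bit and owner against the effective uid, then repeats each change from the question with `$!` inspected after every attempt. The helper names `attempt` and `gid_of` are made up for illustration.

```perl
#!/usr/bin/perl
# Added diagnostic sketch, not code from the thread.
use strict;
use warnings;
use POSIX ();

my $SETUID_BIT = 04000;    # setuid bit within the st_mode permission bits

# Run one ID change, then report the resulting ID together with $!,
# as perlvar advises. Returns 1 if the ID is now 0, else 0.
sub attempt {
    my ($label, $change, $read) = @_;
    local $! = 0;                            # drop any stale errno
    $change->();
    my ($errno, $errstr) = ($! + 0, "$!");   # capture before other calls
    my $now = $read->();
    if ($now == 0) {
        printf "%s: ok, now 0\n", $label;
        return 1;
    }
    printf "%s: still %d, errno %d (%s)\n", $label, $now, $errno, $errstr;
    return 0;
}

# $( and $) hold "gid group group ..."; the first number is the gid itself.
sub gid_of { return (split ' ', shift)[0] }

# 1. IDs the kernel gave this process at exec time.
printf "real uid %d, effective uid %d\n", $<, $>;

# 2. Mode and owner of the script file itself.
my @st = stat $0 or die "stat $0: $!\n";
my ($mode, $owner) = @st[2, 4];
printf "%s: mode %04o, owner uid %d\n", $0, $mode & 07777, $owner;

# 3. Bit present but euid is not the owner: the bit was not applied at exec
#    (things to rule out: a nosuid mount, a kernel that ignores the bit on
#    #! scripts), so the process holds no privilege and EPERM is expected.
if (($mode & $SETUID_BIT) && $> != $owner) {
    print "setuid bit is set on the file but was not applied to this process\n";
}

# 4. The changes from the question, one at a time, gids before uids.
attempt('egid $)',       sub { $) = 0 },           sub { my $g = $); gid_of($g) });
attempt('rgid $(',       sub { $( = 0 },           sub { my $g = $(; gid_of($g) });
attempt('euid $>',       sub { $> = 0 },           sub { $> });
attempt('ruid $<',       sub { $< = 0 },           sub { $< });
attempt('POSIX::setuid', sub { POSIX::setuid(0) }, sub { $< });
```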

Re: Setuid script not working
by MidLifeXis (Monsignor) on Apr 30, 2010 at 13:32 UTC
    I have the sticky bit set and the file is owned by root:

    Just as a terminology clarification, this is the setuid bit, not the sticky bit. The sticky bit has a very different meaning from setuid bit or setgid bit. It also behaves differently based on if the target is a file or a directory.

    The documentation and behavior of what the sticky bit does is typically not well understood among even experienced system administrators (my own experience), partly due to poor, incomplete, or inconsistent documentation of the bit and infrequent use.

    --MidLifeXis

      Good point. I stand corrected. Thank you.
Re: Setuid script not working
by Khen1950fx (Canon) on Apr 30, 2010 at 05:41 UTC
    My guess is that you might need to download and install the perl-suidperl rpm for Fedora 10.
      This would not be possible since the perl install is a custom build, and not from an RPM. Are you saying that there is a switch to turn on setuid scripts for the Configure script (and by default it is off)? In that case would you please elaborate, since I didn't find that?
