
Re^5: Automating sudo actions

by tilly (Archbishop)
on Jan 25, 2011 at 16:04 UTC


in reply to Re^4: Automating sudo actions
in thread Automating sudo actions

There is always a possible hack. For instance you can:
    open(my $shell, "|-", "sudo perl") or die "Can't pipe to sudo perl: $!";
    print $shell "$password\n";
    sleep(1); # Make sure that Perl has started. This is likely unneeded.
    print $shell $some_perl_script;
    close($shell)
        or die $! ? "Error closing pipe: $!" : "Exit status $? from perl child";
And now you can execute an arbitrary Perl script, as root, without installing anything. (Assuming that you have the password.) You can do the same thing over ssh.

Of course this is very much the wrong way to do it. Your root password is now available to anyone who can read the script. A much, much better approach is to find standard, more secure, ways to get a passwordless escalation. For instance locally use setuid. Remotely you can follow the advice at http://www.debian-administration.org/articles/152 and set up secure passwordless logins that use secure public keys. (If you're doing this from a shared box, you may want to set those up from some privileged account, and then have setuid scripts that can run as that account.)
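
The same pipe technique run over ssh with key authentication, so that no password appears in the script. This is an added example, not part of the original post. The key path, account and host name are placeholders, and the public key is assumed to be installed on the remote account already.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed values for illustration, not from the original post.
my $key    = "$ENV{HOME}/.ssh/id_automation";   # dedicated key pair for this job
my $target = 'admin@host.example.com';          # placeholder account and host
my $script = <<'END_SCRIPT';
print "running as uid $<\n";
END_SCRIPT

# Feed a Perl script to a remote perl over ssh, authenticating with a key.
sub run_remote_perl {
    my ($key, $target, $script) = @_;

    # If ssh exits early, report it through close() instead of dying on SIGPIPE.
    local $SIG{PIPE} = 'IGNORE';

    # List-form open: no local shell parses the arguments.
    # BatchMode=yes makes ssh fail instead of prompting for a password.
    # IdentitiesOnly=yes restricts ssh to the key named with -i.
    open(my $remote, "|-", "ssh",
        "-i", $key,
        "-o", "BatchMode=yes",
        "-o", "IdentitiesOnly=yes",
        $target, "perl")
        or die "Can't start ssh: $!";

    # A remote perl started without arguments reads its program from stdin.
    print {$remote} $script;

    # close() sends EOF and waits for ssh; $? holds the resulting wait status.
    close($remote)
        or die $! ? "Error closing pipe: $!" : "Exit status $? from remote perl";
    return 1;
}

run_remote_perl($key, $target, $script);
```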
