[Linux] suid scripts
Danny Rathjens
dkr@hq.mycity.com
Tue, 03 Oct 2000 14:51:33 +0000
Yes. In fact, there is a bug with apache/mod_perl if you don't.
http://perl.apache.org/guide/control.html#SUID_Start_up_Scripts
Brian Horan wrote:
>
> Wouldn't something like setreuid() work a bit better, setting both real and
> effective UIDs?
> Because if you're going to do something as root, you might as well be root?
>
> Pablo Averbuj wrote:
>
> > .----| Danny Rathjens (Mon, Oct 02, at 08:08PM) |--------------
> > | Am I going senile? Any idea why this doesn't work?
> > | (I did RH7-custom-upgrade a week ago)
> >
> > Like kendrick mentioned, no suid shell scripts. You can either use sudo or
> > a C wrapper.
> > [ .. searching for code .. ]
> > Ah! here it is:
> >
> > --------- wrap.c ------------
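> > #include <stdio.h>
> > #include <unistd.h>
> > #define REAL_PATH "/path/to/script"
> > int main(int ac, char **av)
> > {
> >     (void)ac;
> >     /* wrapper is installed setuid root; make the real UID root as well */
> >     if (setuid(0) != 0) { perror("setuid"); return 1; }
> >     execv(REAL_PATH, av);
> >     perror("execv"); /* reached only if execv() failed */
> >     return 1;
> > }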
> > -----------------------------
> >
> > If you're writing in perl, try suidperl but read all the rtfm a bit first as
> > there may be some precautions you should be taking (like taint checks).
> >
> > --
> > --[ Pablo Averbuj ]--%--[ pablo@averbuj.com ]-%-[ http://pablo.averbuj.com ]--
> > ---[ Finger pablo@averbuj.com for PGP key ]---%---[ Perl Warrior at large ]---
> >
> > _______________________________________________
> > Linux mailing list
> > Linux@flux.org
> > http://www.flux.org/mailman/listinfo/linux
>
> --
> ,~,
> v Brian Horan
> /(|)\ Systems Analyst/Programmer
> /( | )\ Miami Herald Publishing Company
> //( | )\\ bhoran@herald.com cell: (954) 296-7807
> -----"-"-----------------------------------------
--
struct Programmer/Analyst 'Danny Rathjens' {this.place = "MyCity.com";}
I know you believe you understood what you think I said, but I am not sure
you realize that what you heard is not what I meant.
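
An added example, not code from the thread or its participants: the wrapper discussed above with the setuid() result checked and, as an assumption that goes beyond what the thread covers, the script started with an allowlisted environment instead of the caller's. REAL_PATH is the thread's placeholder; SAFE_PATH, the allowlist, MAX_ENV and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REAL_PATH "/path/to/script"   /* placeholder, as in the thread */
#define SAFE_PATH "PATH=/usr/sbin:/usr/bin:/sbin:/bin"   /* assumed value */
#define MAX_ENV   8
extern char **environ;

/* Variables allowed through from the caller (assumed allowlist). */
static const char *const allowed[] = { "TERM=", "LANG=", "TZ=" };

/* Write a fixed PATH plus allowlisted entries of in[] to out[]; anything else
 * (LD_PRELOAD, IFS, the caller's PATH, ...) is dropped. Returns entry count. */
size_t build_clean_env(char *const in[], char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) return 0;
    out[n++] = (char *)SAFE_PATH;
    for (size_t i = 0; in && in[i] && n + 1 < cap; i++) {
        for (size_t a = 0; a < sizeof allowed / sizeof allowed[0]; a++) {
            if (strncmp(in[i], allowed[a], strlen(allowed[a])) == 0) {
                out[n++] = in[i];
                break;
            }
        }
    }
    out[n] = NULL;
    return n;
}

/* With effective UID 0, setuid(0) also sets the real and saved UIDs, so the
 * script runs with real == effective == 0. Returns only on failure. */
int run_as_root(const char *path, char *const argv[], char *const envp[])
{
    char *clean[MAX_ENV];
    build_clean_env(envp, clean, MAX_ENV);
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    if (getuid() != 0 || geteuid() != 0) return 1;   /* verify before exec */
    execve(path, argv, clean);
    perror("execve");
    return 1;
}

int main(int argc, char **argv)
{
    (void)argc;
    return run_as_root(REAL_PATH, argv, environ);
}
```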