Re: Authorization - Perl as helper tool vs. SUID
Re: Authorization - Perl as helper tool vs. SUID
- Subject: Re: Authorization - Perl as helper tool vs. SUID
- From: Freek Dijkstra <email@hidden>
- Date: Tue, 11 Jan 2005 12:38:42 +0100
Sherm Pendley wrote:
On Jan 10, 2005, at 4:22 PM, Nick Zitzmann wrote:
I don't think that will work. The Perl script will not run because
Perl will not execute the script when the privileges are elevated but
the UID is not root.
Hmmm... that would complicate things. But I'm not certain it's true - I
don't know of any such checks in Perl. Nothing personal, but I think
I'll run a few tests to verify this... :-)
I recall that this is not Perl related, but a system-wide feature
enforced by most Unix kernels: it is not allowed to run a script with
setuid bit set. A script is defined as anything with a shebang (#!)
line. At least Linux has this feature, Darwin too apparently.
Google: http://c2.com/cgi/wiki?CgiScriptSecurity
The recommended solution is indeed to create a C wrapper script. An
other, but insanely insecure option (so don't even think about it) is to
copy /usr/bin/perl to /usr/local/bin/perl_setuid and make that setuid.
When Googling, I saw a notice from someone saying that perl has some
workarounds. It didn't list any specifics though.
Regards,
Freek Dijkstra
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden