Date: Mon, 25 Nov 1996 19:40:43 +0100 From: roberto@keltia.freenix.fr (Ollivier Robert) To: ports@FreeBSD.org, hackers@FreeBSD.org Subject: Re: suidperl (v5.003) - Doesn't work, Any Tips? Message-ID: <Mutt.19961125194043.roberto@keltia.freenix.fr> In-Reply-To: <199611250947.KAA16780@uriah.heep.sax.de>; from J Wunsch on Nov 25, 1996 10:47:58 %2B0100 References: <Mutt.19961124183746.rhh@elmer.ct.picker.com> <199611250947.KAA16780@uriah.heep.sax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
According to J Wunsch: > This looks as if somebody stupidly assumed the Perl gods are DingTRT. > They aren't. The entire suidperl patches for BSD they've been > emitting don't work. The only thing that works is dropping support > for Posix saved IDs (which was the source of the known suidperl evil It works in Perl5.003_08, out-of-the-box. It doesn't use POSIX saved uid anymore. Perl5.004 will behave the same of course. 309 [19:36] roberto@keltia:~/tmp> ./setu argv[0] ./setu Perl=/usr/local/bin/perl Inside script real uid = 101 effective uid = 0 real gid = 10 2001 2000 117 100 21 20 15 8 6 5 2 0 10 effective gid = 10 2001 2000 117 100 21 20 15 8 6 5 2 0 10 setting effective uid to 1 real uid = 101 effective uid = 1 real gid = 10 2001 2000 117 100 21 20 15 8 6 5 2 0 10 effective gid = 10 2001 2000 117 100 21 20 15 8 6 5 2 0 10 setting effective uid to 0 real uid = 101 effective uid = 0 Here is the script: -rwsr-xr-x 1 root staff 418 Nov 25 19:37 setu #! /usr/local/bin/perl # print "argv[0]=$0 Perl=$^X\n"; print "\nInside script\n"; print "real uid = $<\n effective uid = $>\n"; print "real gid = $(\n effective gid = $)\n"; # print "\nsetting effective uid to 1\n"; $> = 1; $) = $(; print "real uid = $<\n effective uid = $>\n"; print "real gid = $(\n effective gid = $)\n"; print "\nsetting effective uid to 0\n"; $> = 0; print "real uid = $<\n effective uid = $>\n"; -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #29: Sun Nov 24 16:05:46 MET 1996
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Mutt.19961125194043.roberto>