Perl and setuid
Keary Suska
aksuska at webflyer.com
Tue Jun 5 17:35:55 CDT 2001
Is the web server running a cgi wrapper program? Perhaps that is running
interference. Another possibility is that the kernel isn't allowing setuid
from nobody, but that's a long shot. I have heard that some systems are
picky about the uid of nobody as regards setuid, notably Solaris, which
won't allow setuid if from a uid of -2.
That's all I can think of. Can you test the cgi from the command line to see
if it will setuid from an account other than nobody?
That's all I can think of...
-K
"Do not meddle in the affairs of wizards, for they are subtle and quick to
anger."
> From: John Evans <evansj at kilnar.com>
> Date: Tue, 5 Jun 2001 18:05:25 -0400 (EDT)
> To: Pikes Peak Perl Mongers <pikes-peak-pm-list at happyfunball.pm.org>
> Subject: Re: Perl and setuid
>
> On Tue, 5 Jun 2001, Keary Suska wrote:
>
>> Isn't that supposed to be "chmod 4755" ?
>
> 4755 is setuid. 6755 is setuid and setgid. Either one should work for what
> I'm doing and I've tried both to no avail.
>
>
>>
>> Remember that suid Perl scripts have taint checking automatically turned on,
>> which can cause significant gotchas for scripts that aren't expecting it. Of
>> course, any good cgi should be run under taint checking....
>
> It was written with taint checking already in mind, so that's not a
> biggie. It's handling everything in that aspect fine.
>
> --
> John Evans
> http://evansj.kilnar.com/
>
>
>
More information about the Pikes-peak-pm
mailing list