setuid

Jay jay at kinetic.org
Sat Dec 12 22:25:00 PST 1998


On Sat, 12 Dec 1998, Ivan Kohler wrote:

> 
> I believe Linux 2.0.x ignores the suid bit on scripts.  Perl provides
> setuid emulation - see the perlsec manpage for details.  On Debian, I
> install a separate package `perl-suid' to enable this.  I would imagine
> that Slackware has a similar package.  (With OS's that don't include Perl
> you need to recompile it.) 

My distro did include Perl5. I checked out the perlsec manpage, but that
recommended that I should rename all of the CGI scripts and then create
small C wrappers (with the original script name) to be setuid to call the
newly named CGI. While I am sure that is a possible (but pain in the neck)
solution, there has to be an easier/better way. :) I did try the perlsec
method on the cust_main.cgi script, however when I executed the new C code
that calls the original CGI script, it complains that setuid is still
allowed in my kernel. Unfortunately, I am not enough of a coder to get
into the kernel source and try to track that down.

This brings me to a couple of questions: #1) how do I disable the setuid
stuff in the kernel so that the perlsec method will work? #2) will I need
to create a C wrapper for _every_ setuid CGI script in the FreeSide
package? Finally, #3) where can I get information about that perl-suid
package?

> 
> Are you sure?  *scripts*, not ELF executables?  What language?
> 

Hmmm...good point. I just tested it with a quick bash shell script. It did
not work. The script was setuid to user 'jay' but when I executed it (as
user 'root') it ran as 'root'. Thus, it would seem that all of my other
setuid stuff are ELF binaries. 

So, now that I know my kernel will not support suid scripts, and I do not
have the perl-suid package, and the perlsec method (making C wrappers for
every suid CGI) doesn't work because of something still enabled in my
kernel -- any ideas? :) Thanks for the help. 

~Jay

> -- 
> Ivan Kohler <ivan at sisd.com> - finger for PGP key - <moc.dsis at navi> relhoK navI
> Open-source billing and administration for ISPs - http://www.sisd.com/freeside
> 20 4,16 * * * saytime # please don't be surprised if you find me dreaming too
> 

- J a y   J a c o b s o n
- - - - - - - - - - - - - - - - - -
- jay at kinetic.org   www.kinetic.org

Quantum Mechanics: The dreams stuff is made of.




More information about the freeside-users mailing list