I have a problem with setuid script. I have tracked down to the
following example.
A perl script is setuid, calls another, not setuid script with system.
If the argument contain a quote, setuid is not performed, otherwise it
is set.
cd /home/foo
cat >suid-example <<'_end'
#!/usr/bin/perl
print STDERR "suid-example $< $>\n";
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = "/home/foo";
system("/home/foo/nosuid-example arg");
system("/home/foo/nosuid-example \"arg\"");
_end
chown root.root suid-example
chmod 4755 suid-example
cat >nosuid-example <<'_end'
#!/usr/bin/perl
print STDERR "nosuid-example $< $>\n";
_end
chmod 755 nosuid-example
Executing ./suid-example as non-privileged user sets the effective uid
in the first system call but not in the second.
Any hint greatly appreciated.
--Michi
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
