I have a problem with setuid script. I have tracked down to the following example. A perl script is setuid, calls another, not setuid script with system. If the argument contain a quote, setuid is not performed, otherwise it is set.
cd /home/foo cat >suid-example <<'_end' #!/usr/bin/perl print STDERR "suid-example $< $>\n"; delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; $ENV{PATH} = "/home/foo"; system("/home/foo/nosuid-example arg"); system("/home/foo/nosuid-example \"arg\""); _end chown root.root suid-example chmod 4755 suid-example cat >nosuid-example <<'_end' #!/usr/bin/perl print STDERR "nosuid-example $< $>\n"; _end chmod 755 nosuid-example Executing ./suid-example as non-privileged user sets the effective uid in the first system call but not in the second. Any hint greatly appreciated. --Michi -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] http://learn.perl.org/