"Webmaster da Prover Internet" <[EMAIL PROTECTED]> writes:
> Hi guys!
>
> I've write a perl script suid root that runs ok in a 5.3 box but in my =
> 6.0 box it isnt running.
> I get this message:
> "Cant do setuid"
>
> I've written a C wrapper and it is running as root but the script itself =
> refuses to run as root in 6.0
>
> Can someone give a tip on this?
>
>
> []s
> Renato Arrudas Ornelas
> Webmaster da Rede Prover Internet
> http://www.prover.com.br
> [EMAIL PROTECTED]
I encountered this myself -- perl now checks for this and your perl
script is taking chances with something the outside world handed you.
The easiest solution is to do some sort of string manipulation with
all data handed you from outside before passing it to another program.
Also get rid of root privilidges as soon as you can:
#
# Done with root priviledge -- now drop it Needs use English;
$EUID = $UID;
$EGID = $GID; # XXX: initgroups() not called
See man perlsec for more details (or post the script).
Hope this helps.
--
To get out of this list, please send email to [EMAIL PROTECTED] with
this text in its body: unsubscribe suse-linux-e
Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
archive at http://www.suse.com/Mailinglists/suse-linux-e/index.html
