suidperl

Forum Moderators: coopster & phranque

Message Too Old, No Replies

suidperl

Not running the commands

DrDoc

11:35 pm on Nov 2, 2004 (gmt 0)

I have the following script:

#!/usr/bin/suidperl $ENV{PATH} = ""; 
if($ARGV[0] eq "apache") { 
  if($ARGV[1] eq "restart") { 
    $result = `/usr/sbin/apachectl restart`; 
    print $result; 
    exit(0); 
  } 
  else { 
    print "-bash: run: command not found\n"; 
    exit(1); 
  } 
} 
else { 
  print "-bash: run: command not found\n"; 
  exit(1); 
}

The script is saved in the /usr/sbin folder as

run

. However, when I call

run apache restart

it does, well... nothing! How can I get it to actually execute that command?

jollymcfats

11:47 pm on Nov 2, 2004 (gmt 0)

Are you sure you're running setuid? You can print the contents of

$<

and

$>

to see the current UID and EUID, respectively. You're looking for EUID to be 0 if you're setuid root.

DrDoc

11:51 pm on Nov 2, 2004 (gmt 0)

print $< . " " . $>;
...returns "99 0". So that should be ok.

jollymcfats

11:52 pm on Nov 2, 2004 (gmt 0)

Also, I think you may want #!/usr/bin/perl, not suidperl. The

perlsec

perldoc suggests that perl automagically invokes suidperl for you on systems that disallow setuid scripts.

DrDoc

11:55 pm on Nov 2, 2004 (gmt 0)

You're right... Using /usr/bin/perl works too.

Hmm, now I get this when I run "run apache restart"

httpd not running, trying to start

I's confused...

jollymcfats

12:01 am on Nov 3, 2004 (gmt 0)

Well, that's a step in the right direction anyhow. :)

My first thought was that apachectl might be confused because you've cleared the PATH. But in my apachectl, all the paths are hardcoded so that seems less likely. YMMV though.

Is your apache configuration in a non-standard place? You may need to add a -d /path/to/it if it is. You can coax the compiled-in path out of Apache by running httpd -V

DrDoc

12:17 am on Nov 3, 2004 (gmt 0)

Nope, it's in the default location. When I run

apachectl restart

from the command line things work fine. The funny thing is that I get

httpd not running, trying to start

when running from the browser!

Should I do:
$< = $>;

Seems like it's trying to start apache for the user nobody, even though the perl script is running as root.

DrDoc

12:26 am on Nov 3, 2004 (gmt 0)

As a side note: I find it interesting that something like /usr/sbin/httpd -V or /usr/sbin/httpd -v works, while /usr/sbin/httpd -t returns nothing...

jollymcfats

12:46 am on Nov 3, 2004 (gmt 0)

You could try something like `touch /tmp/whoami` to see what uid is being used for external processes. As far as I recall, euid is the one that matters for these things.

There is always that sudo option. ;)

DrDoc

1:18 am on Nov 3, 2004 (gmt 0)

$< = $>

Doing that solves the problem...
Are there any risks associated with doing that though?

jollymcfats

1:21 am on Nov 3, 2004 (gmt 0)

Nope. You just can't drop root privileges later. Not that you'd usually need to in a script like this.

DrDoc

1:23 am on Nov 3, 2004 (gmt 0)

Excellent!

Thanks for your help! It's much appreciated. :)

jollymcfats

1:42 am on Nov 3, 2004 (gmt 0)

Arg. You can drop root privileges later. Since you're setting to root, you're free to change from root later. If you were setting something non-root in uid or euid, then you'd have to worry about whether you could come back to root privs. Which you're not, so no worries.

Sorry, a little distracted today. ;)

DrDoc

5:29 pm on Nov 3, 2004 (gmt 0)

LOL
I read "you can just drop root privileges later" anyway ;)

And, yes, that would make sense... As long as I store the value of the other user I should be able to switch back.

suidperl

Not running the commands

DrDoc

jollymcfats

DrDoc

jollymcfats

DrDoc

jollymcfats

DrDoc

DrDoc

jollymcfats

DrDoc

jollymcfats

DrDoc

jollymcfats

DrDoc

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week