If you need to run bits of code as root, try using the product SUGUARD or the
shareware version SUDO.



-----Original Message-----
From: Gary Stainburn [mailto:[EMAIL PROTECTED]
Sent: 05 August 2003 17:00
To: [EMAIL PROTECTED]
Subject: suid problem
Importance: High


Hi folks,

I've got an AIX 4.2 box running our company management system and I've got a
problem.

When a user logs in (e.g. gary) the /etc/profile runs a small C program which
is setuid live:livetp which in turn runs our COBOL based app.

In the app I call a perl script which takes a plain text file which was used
to print via a dot-matrix printer onto multi-part paper, and extracts the
data for later use.

However, when I try to run it I get the following problem logged.  The section
of code that is the problem is shown below (the open clause is the thing
that's failing).

Can anyone tell me how to fix this? I've tried untainting the $_[0] by storing
it in a local variable and running a regex to remove dodgy characters and that
doesn't seem to fix it.

C.parts.I.41290Insecure dependency in open while running setuid at /rwsys1/production/tp/RELEASE/rwlpr line 126.
CSP9DOCP: call failed: rwlpr LP430203 01 $RWDDATA/DOCUMENT/ICL02957.LP 1>&2

Code snippet.  ($_[0] in this instance contained ICL02957.LP) and the unless
open line is line 126

sub dump_invoice {
  return unless (open FIN,">DATA/$_[0]");
  print FIN "$_\t$fields{$_}\n" foreach (sort keys %fields);
  print FIN "\n";
  print FIN "$_\n" foreach @dlines;
  close(FIN);
}

-- 
Gary Stainburn
 
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000     


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
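
Added example, not part of the original thread and not the poster's script: Perl turns taint mode on automatically when a script runs setuid, and a value is untainted only by taking it from a regex capture, so stripping characters from $_[0] leaves it tainted. The allowlist pattern, the helper names and the sample field data below are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not the poster's script). Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumed allowlist for names like ICL02957.LP: no slashes, no leading dot.
my $NAME_RE = qr/\A([A-Za-z0-9_]{1,32}\.[A-Za-z0-9]{1,8})\z/;

# Only a regex capture ($1) yields an untainted value; undef if no match.
sub untaint_name {
    my ($name) = @_;
    return (defined $name && $name =~ $NAME_RE) ? $1 : undef;
}

# Removing "dodgy" characters edits the string but leaves it tainted.
sub strip_only {
    my ($name) = @_;
    $name =~ s/[^A-Za-z0-9_.]//g;
    return $name;
}

# The page's dump_invoice with the file name validated before open, a
# three-argument open, a lexical handle and data passed in by reference.
sub dump_invoice {
    my ($raw, $fields, $dlines) = @_;
    my $name = untaint_name($raw)
        or die "refusing unsafe file name\n";
    open(my $out, '>', "DATA/$name") or die "open DATA/$name: $!\n";
    print {$out} "$_\t$fields->{$_}\n" foreach sort keys %$fields;
    print {$out} "\n";
    print {$out} "$_\n" foreach @$dlines;
    close($out) or die "close: $!\n";
    return $name;
}

unless (caller) {
    # Constructed input: the page's file name, tainted the way @ARGV is.
    my $raw = @ARGV ? $ARGV[0] : 'ICL02957.LP' . substr("$0$^X", 0, 0);
    printf "raw tainted:      %d\n", tainted($raw) ? 1 : 0;
    printf "stripped tainted: %d\n", tainted(strip_only($raw)) ? 1 : 0;
    printf "captured tainted: %d\n", tainted(untaint_name($raw)) ? 1 : 0;
    mkdir 'DATA' unless -d 'DATA';
    # Constructed sample fields and lines, only to exercise the write.
    my $written = dump_invoice($raw, { INVOICE => '41290' }, ['line 1']);
    print "wrote DATA/$written\n";
}
```

The -T switch is needed only to reproduce the behaviour from an ordinary login; when the script is started by the setuid wrapper, Perl enables the same checks by itself.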

