Re: SETUID perl script leaves backdoor open after dropping privileges

2012-04-25 Thread Ted Unangst
On Wed, Apr 25, 2012 at 07:15, Christopher Zimmermann wrote:
> As requested, here's the same test case a little more readable:
>
> This leaves a backdoor open (possibly in the saved UID):

Yes, if you don't clear the saved uid, you can still switch back to it. You should use setresuid if it's ava

Re: SETUID perl script leaves backdoor open

2012-04-25 Thread Christopher Zimmermann
After short testing I found a bug or at least a dangerous pitfall. This leaves a backdoor open (probably in the saved UID):

#!/usr/bin/perl -wT
use strict;
require POSIX;
sub ids () { print "RUID=$< EUID=$> RGID=$( EGID=$)\n" }
print "Running $^X $0\n";
ids;
$> = $< = $<;
ids;
$> = $< = 0;
id

Re: SETUID perl script leaves backdoor open after dropping privileges

2012-04-24 Thread Christopher Zimmermann
As requested, here's the same test case a little more readable:

This leaves a backdoor open (possibly in the saved UID):

==
#!/usr/bin/perl -wT
use strict;
use English qw(-no_match_vars);
sub ids { print "RUID=$REAL_USER_ID EUID=$EFFECTIVE_USER_ID\n" }
ids;

Re: SETUID perl script leaves backdoor open

2012-04-24 Thread Christopher Zimmermann
After short testing I found a bug or at least a dangerous pitfall. This leaves a backdoor open (probably in the saved UID):

#!/usr/bin/perl -wT
use strict;
require POSIX;
sub ids () { print "RUID=$< EUID=$> RGID=$( EGID=$)\n" }
print "Running $^X $0\n";
ids;
$> = $< = $<;
ids;
$> = $< = 0;
i

Re: SETUID perl script

2012-04-24 Thread Christopher Zimmermann
On Tue, 24 Apr 2012 14:48:18 -0500 Matthew Weigel wrote:
> On 24.04.2012 14:22, Christopher Zimmermann wrote:
> > Hi,
> >
> > I'm trying to chroot and drop privileges in a perl script. But somehow
> > I'm not even able to run it setuid root. The setuid bit gets ignored
> > completely. But as

Re: SETUID perl script

2012-04-24 Thread Matthew Weigel
On 24.04.2012 14:22, Christopher Zimmermann wrote:
Hi,

I'm trying to chroot and drop privileges in a perl script. But somehow I'm not even able to run it setuid root. The setuid bit gets ignored completely. But as I understand sys/sys/exec_script.h. The SETUIDSCRIPTS feature is enabled by defa

SETUID perl script

2012-04-24 Thread Christopher Zimmermann
Hi,

I'm trying to chroot and drop privileges in a perl script. But somehow I'm not even able to run it setuid root. The setuid bit gets ignored completely. But as I understand sys/sys/exec_script.h. The SETUIDSCRIPTS feature is enabled by default. What am I missing?

/tmp% ls -l test.pl
-rwsrwx-