Re: discarding root privileges in suid perl
What kernel version is this? Wasn't there something weird with a recent
2.2.x kernel dropping privs (manifested in a sendmail exploit)? I don't
remember details...
On Tue, Oct 17, 2000 at 02:32:21PM +1100, Brian May <bam@debian.org> spake forth:
> >>>>> "Miquel" == Miquel van Smoorenburg <miquels@cistron.nl> writes:
>
> Miquel> In article <84lmvpg3bz.fsf@snoopy.apana.org.au>, Brian May
> Miquel> <bam@debian.org> wrote:
> >> According to "man perlsec", line 300+, the following code
> >> should destroy extra privileges in a suid root perl script:
> >>
> >> $EUID = $UID; $EGID = $GID; # initgroups() also called!
>
> Miquel> You need to 'use English' for the $EUID etc variables to
> Miquel> work. Otherwise use $>, $<, etc. See 'man perlvar'
>
> Already done. I also use strict, to ensure mistakes like this cannot
> happen.
>
> As for this problem, I suspect perl or libc6 might be caching the old
> permissions somewhere, but I don't understand how or why.
>
> Otherwise, it should normally be impossible for a non-root program (ie
> UID!=root and EUID!=root) to suddenly obtain root privileges.
> --
> Brian May <bam@debian.org>
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
Mike Markley <mike@markley.org>
PGP: 0xA9592D4D 62 A7 11 E2 23 AD 4F 57 27 05 1A 76 56 92 D5 F6
GPG: 0x3B047084 7FC7 0DC0 EF31 DF83 7313 FE2B 77A8 F36A 3B04 7084
Emotions are alien to me. I'm a scientist.
- Spock, "This Side of Paradise", stardate 3417.3
Reply to: