On Mon, May 08, 2000 at 06:54:09PM +1000, Brendan O'Dea wrote:
> On Mon, May 08, 2000 at 03:15:54AM -0400, Decklin Foster wrote:
> >Ethan Benson writes:
> >
> >> im not all that familiar with the way suidperl works but why can't
> >> it check for nosuid mount options before allowing a script located
> >> on a nosuid filesystem from being run suid?
> >
> >Take it up with the Perl people; my personal reaction is 'yuck' but
> >they may have a different view. [...]
>
> suidperl honours the nosuid flag.

i just tested this and it appears that it does, i get a permission
denied when trying to suidperl a suid root perl script in my home
directory (/home is nosuid) but not when it's in / (i don't think i'm
not bothering to write a script perl is happy to run suid)

actually just testing this on my OpenBSD box this seems to be the
case, it has no suidperl binary, and i ran a suid perl script
executing system("id") the suid bit is ignored when on a nosuid
filesystem, but perl complains about insecure PATH/ENV when running
suid with the script in /

is suidperl even needed on non-linux systems? the only reason i can
think of why it's required is because the linux kernel refuses to run
scripts suid (though i can't quite tell if it does that to perl
scripts) OpenBSD happily runs shell scripts suid... AFAIK ignoring
suid on scripts is a linuxism.

--
Ethan Benson
http://www.alaska.net/~erbenson/
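
The check discussed in this thread (does the script carry the setuid bit, and is its filesystem mounted nosuid), written out as an added example; it is not part of the original message and is not suidperl's own code. It uses POSIX fstat() and fstatvfs() with the ST_NOSUID flag, and the function and enum names are hypothetical.

```c
/* Added example: decide whether a script's setuid bit should be honoured. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

enum suid_verdict { SUID_ERROR = -1, SUID_NOT_SET, SUID_IGNORED_NOSUID, SUID_HONOURED };

/* Pure decision: the file's mode bits plus the mount flags of its filesystem. */
enum suid_verdict suid_decide(mode_t mode, unsigned long fsflags)
{
    if (!S_ISREG(mode) || !(mode & S_ISUID))
        return SUID_NOT_SET;
    if (fsflags & ST_NOSUID)
        return SUID_IGNORED_NOSUID;   /* nosuid mount: do not raise privileges */
    return SUID_HONOURED;
}

/* Query the already-open descriptor, not the path, so the file that was
 * checked is the file that gets read (no rename or symlink swap in between). */
enum suid_verdict suid_check_fd(int fd)
{
    struct stat st;
    struct statvfs vfs;
    if (fstat(fd, &st) != 0 || fstatvfs(fd, &vfs) != 0)
        return SUID_ERROR;
    return suid_decide(st.st_mode, vfs.f_flag);
}

enum suid_verdict suid_check_path(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return SUID_ERROR;
    enum suid_verdict v = suid_check_fd(fd);
    close(fd);
    return v;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "not setuid", "setuid ignored (nosuid mount)", "setuid honoured" };
    for (int i = 1; i < argc; i++) {
        enum suid_verdict v = suid_check_path(argv[i]);
        printf("%s: %s\n", argv[i], v == SUID_ERROR ? "error" : names[v]);
    }
    return 0;
}
```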