
Re: May I run wml from a setuid program? (It seems not)



On Wed, 29 Sep 1999, Stephane Bortzmeyer wrote:

> On Wednesday 29 September 1999, at 0 h 10, the keyboard of Denis Barbier 
> <barbier@imacs.polytechnique.fr> wrote:
> 
> > You have to define $ENV{PATH} _inside_ your Perl scripts.
> 
> I do it in the Perl script which runs wml. But wml resets it :-( which is not 
> a good idea, IMHO.

No, WML does not reset it.

Let's see what I did yesterday:

prompt$ su -
prompt# cd /tmp
prompt# cat <<EOT > suid
#!/usr/bin/perl
use Cwd;
\$cwd=cwd;
print \$cwd . "\\n";
EOT
prompt# chmod u+s,a+x suid
prompt# exit
prompt$ cd /tmp
prompt$ ./suid
Insecure $ENV{PATH} while running setuid at /usr/lib/perl5/Cwd.pm line 69.

The line number does not fit because I run Perl 5.004, but it is the
same line in Cwd.pm.

Now, let's use a wrapper:
prompt$ su -
prompt# chmod u-s suid
prompt# mv suid nosuid
prompt# cat <<EOT > suidwrap
#!/usr/bin/perl
\$ENV{PATH}='/bin:/usr/bin';
system('/tmp/nosuid');
1;
EOT
prompt# chmod u+s,a+x suidwrap
prompt# exit
prompt$ cd /tmp
prompt$ ./suidwrap
Insecure $ENV{ENV} while running setuid at ./suidwrap line 3.

OK, as stated in the perlsec manpage, I added this line to suidwrap:
  delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

prompt$ ./suidwrap
Insecure $ENV{PATH} while running setuid at /usr/lib/perl5/Cwd.pm line 69.


BUT if you define $ENV{PATH} inside nosuid, then it works fine.
That's why I stated you have to define $ENV{PATH} inside your Perl
scripts, and not inside your wrapper. Setting it in the wrapper is
exactly like setting it in your environment.

OR, and I just discovered it, changing the uid solves this.

> Running from another account, with the setuid wrapper (which sets uid to me):
> 
> /local/bin/wml -o index_all.html   index_all.wml 
> cannot load /tmp/wml.12907.tmp2 for unprotection: No such file or directory at /local/bin/wml line 642.
> 
> (The .tmp1 file is properly created, and with the proper UID, mine)
> 
> Running from my account, it works.

Now what do my files look like?
prompt$ cat suidwrap
#!/usr/bin/perl
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
$ENV{PATH}='/bin:/usr/bin';
$< = 33;
$> = 33;
system('/usr/bin/wml -o index.html index.wml');
1;
prompt$ cat index.wml
before
<: print "OK\n" :>
after
prompt$ ./suidwrap

And everything works fine, with right IDs.
So I can't help you anymore. Maybe you could run wml verbosely with -v9.

-- 
Denis Barbier
WML Maintainer

______________________________________________________________________
Website META Language (WML)                www.engelschall.com/sw/wml/
Official Support Mailing List                   sw-wml@engelschall.com
Automated List Manager                       majordomo@engelschall.com
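
The following is an added example, not part of the original message or of WML. It reproduces the point made above (a PATH set by the caller arrives tainted in the Perl script that is started, while a PATH assigned inside that script is clean) without needing a setuid bit, by running the child under -T, which turns on the same taint checks Perl enables automatically for setuid scripts. Assumptions: /bin/sh exists, and run_child is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example (constructed): taint state of $ENV{PATH} across an exec boundary.
use strict;
use warnings;

# Child script, run under -T. Perl enables the same taint checks automatically
# when a script runs setuid; only the wording of the error message differs.
my $child = <<'EOT';
use Scalar::Util qw(tainted);
my $set_inside = shift @ARGV;
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};        # as perlsec advises
if ($set_inside) {
    $ENV{PATH} = '/bin:/usr/bin';                # literal value => untainted
}
printf "PATH is %s; ", tainted($ENV{PATH}) ? 'tainted' : 'clean';
# system() dies under taint mode if $ENV{PATH} is still tainted.
my $ran = eval { system('/bin/sh', '-c', 'exit 0'); 1 };
print $ran ? "system() allowed\n" : "system() refused: $@";
EOT

# The caller plays the role of suidwrap: it sets PATH, then starts the child.
# From the child's point of view this value is ordinary environment data.
$ENV{PATH} = '/bin:/usr/bin';

# Hypothetical helper: run the child under -T and return what it printed.
sub run_child {
    my ($set_inside) = @_;
    open(my $fh, '-|', $^X, '-T', '-e', $child, $set_inside)
        or die "cannot start $^X: $!";
    my $out = do { local $/; <$fh> };
    close($fh);
    return $out;
}

print "PATH set only by the caller: ", run_child(0);
print "PATH set inside the script:  ", run_child(1);
```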