Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: suid Perl with App::PAR::Packer (pp)

by Tommy (Chaplain)
on Oct 13, 2013 at 00:57 UTC ( #1058026=note: print w/ replies, xml ) Need Help??


in reply to suid Perl with App::PAR::Packer (pp)

GASP!

What if I changed that to 0777...

185 if (mkdir(top_tmpdir, 0700) == -1 && errno != EEXIST) {

Hmmm... nope. Sefault. Still getting permission-denied. More fun... strace says:

... stat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=4096, ...}) = 0 access("/tmp", W_OK) = 0 mkdir("/tmp/par-746f6d6d79", 0777) = -1 EEXIST (File exists) getpid() = 3292 mkdir("/tmp/par-746f6d6d79/temp-3292", 0777) = -1 EACCES (Permission d +enied) mkdir("/tmp/par-746f6d6d79/temp-3292", 0777) = -1 EACCES (Permission d +enied) write(2, "./suid_script: creation of priva"..., 103./suid_script: crea +tion of private cache subdirectory /tmp/par-746f6d6d79/temp-3292 fail +ed (errno= 13) ) = 103 exit_group(255) = ?
Tommy
A mistake can be valuable or costly, depending on how faithfully you pursue correction


Comment on Re: suid Perl with App::PAR::Packer (pp)
Select or Download Code
Re^2: suid Perl with App::PAR::Packer (pp)
by Tommy (Chaplain) on Oct 13, 2013 at 19:50 UTC

    Well. I got it to work by slightly changing the build process and by further alterations to the C source files of the App::PAR::Packer distribution. Since the changes were across multiple files and I can't exactly zip them up and share them here, please just contact me using this link and I'll give you the installable source and instructions if you're interested. http://www.atrixnet.com/contact/

    Victory is mine! (And yours too, if you want a copy)

    Aside: I wonder why nobody front-paged this after such an elaborate write-up?

    Tommy
    A mistake can be valuable or costly, depending on how faithfully you pursue correction

      Since the changes were across multiple files and I can't exactly zip them up and share them here,

      Do a make realclean in respective directories and then  diff -ruN orig-pars-dists new-pars-dists

        Dear, Anonymous Monk. I did what you asked and put the diff up as a gist on github.

        It's here: https://gist.github.com/tommybutler/6970628

        Please read the notes on the patch before using it, because it notes that the build helper script had to be changed in order to make it work (by removing the --clean option when calling pp). I added crypto filters to the compiled executable for better security, given that it is suid. I also put into the BEGIN block of the script an instant-exit if $< isn't my uid.

        The updated (fixed) build helper script:

        #!/bin/bash sudo rm -rf /tmp/par* && sudo rm -rf suid_script && pp --output=suid_script -f Crypto -F Crypto -M Filter::Crypto::Decrypt + suid_script.pl && sudo chown root:root suid_script && sudo chmod +x suid_script && sudo chmod u+s suid_script && stat suid_script && rm -rf /tmp/par*

         

        Tommy
        A mistake can be valuable or costly, depending on how faithfully you pursue correction

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1058026]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (4)
As of 2014-07-13 07:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (248 votes), past polls