Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re^2: Perl Setuid - Oracle Password Hardcoding

by afoken (Parson)
on Nov 19, 2011 at 08:44 UTC ( #938952=note: print w/ replies, xml ) Need Help??


in reply to Re: Perl Setuid - Oracle Password Hardcoding
in thread Perl Setuid - Oracle Password Hardcoding

Two hints:

  1. Given sufficient permissions in /etc/sudoers, the command /usr/bin/sudo -u foo /usr/bin/cat /home/foo/bar.txt runs cat as user foo and writes the contents of /home/foo/bar.txt to STDOUT.
  2. In Perl, $text=`/usr/games/fortune -a`; runs /usr/games/fortune -a and collects all text written to STDOUT in $text. See Safe Pipe Opens for a more robust variant.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)


Comment on Re^2: Perl Setuid - Oracle Password Hardcoding
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://938952]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (5)
As of 2014-11-29 03:43 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (203 votes), past polls