Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Re^4: Distro Pkg-Managed, broken Install.pm, sudo clears $PERL5LIB (sudoers)

by Crackers2 (Vicar)
on Oct 01, 2010 at 23:51 UTC ( #863024=note: print w/ replies, xml ) Need Help??


in reply to Re^3: Distro Pkg-Managed, broken Install.pm, sudo clears $PERL5LIB (sudoers)
in thread Distro Pkg-Managed, broken Install.pm, sudo clears $PERL5LIB

But please do not make passing on PERL5LIB a default.
Why? The PERL5LIB environment variable is set up after the fact (of changing $< and $>) of getting broader permissions via sudo. So, a well thought-out privilege evelating scheme is more important than the passing of an environment variable while changing $UID, becaue you could set that very ENV var by hand, after running sudo.

^^^ What martin said. In a lot of cases the user making the sudo call does not control the code that is being called.

In that case, passing through PERL5LIB is like passing through PATH or LD_LIBRARY_PATH. Just google "sudo PATH exploit" to find plenty of examples of the trouble you can run into.

So yes, if you're sure that sudo is only used to give full shell access, then by all means go ahead and pass through PERL5LIB. In all other cases, leaving it out it probably a better idea.


Comment on Re^4: Distro Pkg-Managed, broken Install.pm, sudo clears $PERL5LIB (sudoers)
Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://863024]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (7)
As of 2014-12-25 17:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (160 votes), past polls