Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re^2: perl executes mode 0 argument passed script when called through sudo, security hole?

by Don Coyote (Hermit)
on Nov 11, 2013 at 21:59 UTC ( [id://1062061]=note: print w/replies, xml ) Need Help??


in reply to Re: perl executes mode 0 argument passed script when called through sudo, security hole?
in thread perl executes mode 0 argument passed script when called through sudo, security hole?

Thank you for explaining this Dr Hyde. I know from what I have read, there are numerous ways to execute a script on a system which does not interpret the magic #! line. Your explanation does help to understand these incantations more clearer. I think understanding root can read mode 0 files is the main point. Otherwise, how would you access an nt file, which does not have permissions, after you mounted an ntfs?

For clarification I opened the mode 0 file passed as an argument to emacs whilst in sudo. Surely enough I could read, but not write, to the buffer. :smile

#!/usr/bin/perl -l
 
use warnings;
use strict;

my $var = 'hello world!';
print $var;
exit 0;

[download]

And while passing this script in with the -l option did not cause problems, placing a -T at the end of the she-bang line still made perl complain about the command line lacking the taint mode flag, naturally.

 perl -e 'chmod 10000' ./coyote_ears
  • Comment on Re^2: perl executes mode 0 argument passed script when called through sudo, security hole?
  • Select or Download Code

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1062061]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others musing on the Monastery: (6)
As of 2024-04-16 09:21 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found