Shell redirection failing within system for suidperl
by puterboy (Scribe) on Nov 10, 2009 at 04:42 UTC
puterboy has asked for the
wisdom of the Perl Monks concerning the following question:
Within suidperl, I can do:
system("/bin/echo testing > /test");
fails with error: sh /test: Permission denied
I have the script suid 4754 with owner root.
/ is owned by root.root with perms 755.
Adding the line system("/usr/bin/id") confirms that I indeed am euid=0(root) with my normal uid/gid.
I don't understand why suidperl allows me to create (i.e. touch) a file but doesn't allow me to write to it by standard shell redirection.
Note, what I'm really trying to do is the following -- write the output of a command that I need to run suid root to a compressed file in a directory owned by root, but I simplified the code above to isolate the problem. Here is a snippet of the code I am trying to use (where nothing is tainted)
I can get it to work if I do the 'gzip' within a system command rather than as part of the pipe but then I need an intermediate file and 2 system calls.
Is there any way to code what I want without that problem? (note that for added security, I am trying to not use the shell as part of the 'system' command)
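
A shell-free way to do what the question describes, as an added example that is not part of the original post: the Perl process opens the output file itself and connects the command to gzip with pipe/fork/exec, so no sh takes part in the redirection and no intermediate file is needed. The helper name run_to_gzip, the output path and the PATH value are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_TRUNC);

# Hypothetical helper (not from the post): run @cmd and write its
# gzip-compressed stdout to $out_path without invoking a shell.
sub run_to_gzip {
    my ($out_path, @cmd) = @_;

    # Taint mode (on under suidperl) refuses exec with an inherited
    # environment, so replace it; this PATH value is an assumption.
    local %ENV = (PATH => '/bin:/usr/bin');

    # The file is opened by this process, not by sh, with mode 0600.
    sysopen(my $out, $out_path, O_WRONLY | O_CREAT | O_TRUNC, 0600)
        or die "open $out_path: $!";
    pipe(my $rd, my $wr) or die "pipe: $!";

    my $gzip_pid = fork() // die "fork: $!";
    if ($gzip_pid == 0) {                 # child 1: gzip reads pipe, writes file
        close $wr;
        open(STDIN,  '<&', $rd)  or die "dup stdin: $!";
        open(STDOUT, '>&', $out) or die "dup stdout: $!";
        exec { 'gzip' } 'gzip', '-c' or die "exec gzip: $!";
    }

    my $cmd_pid = fork() // die "fork: $!";
    if ($cmd_pid == 0) {                  # child 2: the command writes to pipe
        close $rd;
        open(STDOUT, '>&', $wr) or die "dup stdout: $!";
        # Indirect-object form: never falls back to sh, even for a
        # one-element @cmd.
        exec { $cmd[0] } @cmd or die "exec $cmd[0]: $!";
    }

    # Parent: drop its copies so gzip sees EOF, then collect both children.
    close $rd; close $wr; close $out;
    my $status = 0;
    for my $pid ($cmd_pid, $gzip_pid) {
        waitpid($pid, 0);
        $status ||= $?;
    }
    return $status;                       # 0 only if both children succeeded
}

# Constructed usage: /usr/bin/id is the command from the post; the output
# path is a placeholder for a file in a root-owned directory.
exit(run_to_gzip('/root/id-output.gz', '/usr/bin/id') ? 1 : 0) unless caller;
```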