Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

Shell redirection failing within system for suidperl

by puterboy (Scribe)
on Nov 10, 2009 at 04:42 UTC ( #806124=perlquestion: print w/replies, xml ) Need Help??
puterboy has asked for the wisdom of the Perl Monks concerning the following question:

Within suidperl, I can do:
 system("/bin/touch /test");
 system("/bin/echo testing > /test");
fails with error: sh /test: Permission denied
I have the script suid 4754 with owner root.
/ is owned by root.root with perms 755.
Adding the line system("/usr/bin/id") confirms that I indeed am euid=0(root) with my normal uid/gid.

I don't understand why suidperl allows me to create (i.e. touch) a file by doesn't allow me to write to it by standard shell redirection.

Note, what I'm really trying to do is the following -- write the output of a command that I need to run suid root to a compressed file in a directory owned by root, but I simplified the code above to isolate the problem. Here is a snippet of the code I am trying to use (where nothing is tainted)
open STDOUT, "| /bin/gzip >| /logfile.gz"; system("my command", "arg1", "arg2")

I can get it to work if I do the 'gzip' within a system command rather than as part of the pipe but then I need an intermediate file and 2 system calls.
open STDOUT, "/logfile"; system("my command", "arg1", "arg2") system("gzip","-f","/logfile");
Is there any way to code what I want without that problem? (note that for added security, I am trying to not use the shell as part of the 'system' command)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://806124]
Approved by Corion
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (7)
As of 2017-03-27 06:51 GMT
Find Nodes?
    Voting Booth?
    Should Pluto Get Its Planethood Back?

    Results (316 votes). Check out past polls.