Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re^3: Distro Pkg-Managed, broken Install.pm, sudo clears $PERL5LIB (sudoers)

by shmem (Canon)
on Sep 29, 2010 at 20:58 UTC ( #862703=note: print w/replies, xml ) Need Help??


in reply to Re^2: Distro Pkg-Managed, broken Install.pm, sudo clears $PERL5LIB (sudoers)
in thread Distro Pkg-Managed, broken Install.pm, sudo clears $PERL5LIB

But please do not make passing on PERL5LIB a default.

Why? The PERL5LIB environment variable is set up after the fact (of changing $< and $>) of getting broader permissions via sudo.

So, a well thought-out privilege evelating scheme is more important than the passing of an environment variable while changing $UID, becaue you could set that very ENV var by hand, after running sudo.

That statement of yours which I quoted looks to me very much like the bogus "eval is evil" and "don't use system $string" warnings, which are nonsense as absolutes, i.e. without context.

Replies are listed 'Best First'.
Re^4: Distro Pkg-Managed, broken Install.pm, sudo clears $PERL5LIB (sudoers)
by martin (Friar) on Sep 30, 2010 at 23:23 UTC
    martin But please do not make passing on PERL5LIB a default.

    shmem Why? The PERL5LIB environment variable is set up after the fact (of changing $< and $>) of getting broader permissions via sudo.

    Sudo is not only used to hand out superuser shells. It is designed to give limited access to a variety of actions in a precisely controlled fashion, most notably perhaps running scripts with privileges of a different user.

    This can, for instance, enforce the use of a particular interface to some system service. To that end it is mandatory that the sudoer cannot change what code is being run via environment variables such as PERL5LIB. Therefore, caution would dictate not to undermine this safety feature through careless defaults. You can always be more specific where you have to.

    I find it reasonable to play safe by default. You may resolve a certain incommodity the way you suggested, but should be aware of the security implications, too.

Re^4: Distro Pkg-Managed, broken Install.pm, sudo clears $PERL5LIB (sudoers)
by Crackers2 (Parson) on Oct 01, 2010 at 23:51 UTC
    But please do not make passing on PERL5LIB a default.
    Why? The PERL5LIB environment variable is set up after the fact (of changing $< and $>) of getting broader permissions via sudo. So, a well thought-out privilege evelating scheme is more important than the passing of an environment variable while changing $UID, becaue you could set that very ENV var by hand, after running sudo.

    ^^^ What martin said. In a lot of cases the user making the sudo call does not control the code that is being called.

    In that case, passing through PERL5LIB is like passing through PATH or LD_LIBRARY_PATH. Just google "sudo PATH exploit" to find plenty of examples of the trouble you can run into.

    So yes, if you're sure that sudo is only used to give full shell access, then by all means go ahead and pass through PERL5LIB. In all other cases, leaving it out it probably a better idea.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://862703]
help
Chatterbox?
[Corion]: marto: Clever! ;)
[Corion]: You can only reach me by pager
[Corion]: Maybe the solution would be to launch a cron job every minute that takes two measurements a minute apart and sends a mail if the usage is below on the first and above threshold on the last measurement
[marto]: that's essentially it :)
[marto]: I think the long term solution would be to have sysadmins that do their job, so I don't have to do everything :P
[marto]: they already have an entire BMC patrol system, which they disabled, because it was sending out spurious messages. So rather than fix the issue, or even find out what it was, they turned it off. No messages, can't be any problems, right?
[Corion]: marto: But having open tickets / incidents increases the pressure on them ;) Of course, likely your contract / SLA specifies an upper limit for the number of incidents :-D
[Corion]: marto: Ow ...
[marto]: Corion They don't get into trouble for the number of tickets, or even breached tickets they have
[marto]: which is a core issue with the client

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (10)
As of 2017-01-24 10:14 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you watch meteor showers?




    Results (203 votes). Check out past polls.