Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Comment on

( #3333=superdoc: print w/ replies, xml ) Need Help??

This may not be a perl specific thing. But I was not sure and thought best to mention in case. I call a chmod 0 script by itself and by perl in my user shell (bash). And fails as expected. I set-uid and still fails which I think is right as mode is 4000.

Now I set mode back to 0 and pass the script in as an argument to perl, in my user environment this fails, but under sudo the script executes.

I am not sure but is this working properly? being mode 0 I would have thought the script would not be executable whether or not set-uid. I have included most of my dabbling for reference, the interesting calls are closer to the bottom of the script.

$ login Ubuntu LTS 10.04.4 263 updates avaliable 238 are security updates hilarious@hilarious-desktop:~/Documents$ perl -v This is perl, v5.10.1 (*) built for x86_64-linux-gnu-thread-multi hilarious@hilarious-desktop:~/Documents$ mkdir ./messin $ cd ./messin $ touch ./hmm $ ls hmm $ ls -l ./hmm -rw------- 1 hilarious hilarious 0 2013-11-10 17:36 ./hmm $ chmod 0200 ./hmm $ ls -l ./hmm --w------- 1 hilarious hilarious 0 2013-11-10 17:36 ./hmm $ emacs ./hmm $ emacs -nw ./hmm $ emacs -nw ./hmm $ chmod 0000 ./hmm $ ls -l ./hmm ---------- 1 hilarious hilarious 0 2013-11-10 17:36 ./hmm $ emacs -nw ./hmm $ chmod 0200 ./hmm $ chmod 0400 ./hmm $ emacs -nw ./hmm $ chmod 0600 ./hmm $ emacs -nw ./hmm $ ls -l ./hmm -rw------- 1 hilarious hilarious 92 2013-11-10 17:57 ./hmm $ ./hmm bash: ./hmm: Permission denied $ sudo ./hmm [sudo] password for hilarious: sudo: ./hmm: command not found $ su hilarious Password: Warning: your password will expire in 4 days $ who am i hilarious pts/1 2013-11-10 17:35 (:0.0) $ ./hmm Can't open perl script "./hmm": Permission denied $ chmod 5 ./hmm $ ./hmm bash: ./hmm: Permission denied $ ls -l ./hmm -------r-x 1 hilarious hilarious 92 2013-11-10 17:57 ./hmm $ chmod 500 ./hmm $ ./hmm hello world! $ chmod 005 ./hmm $ ./hmm bash: ./hmm: Permission denied $ sudo ./hmm hello world! $ who am i hilarious pts/1 2013-11-10 17:35 (:0.0) $ sudo who am i hilarious pts/1 2013-11-10 17:35 (:0.0) $ cmod 007 ./hmm No command 'cmod' found, did you mean: Command 'qmod' from package 'gridengine-client' (universe) Command 'chmod' from package 'coreutils' (main) Command 'mod' from package 'monodoc-base' (main) cmod: command not found $ chmod 007 ./hmm $ emacs -nw ./hmm $ ./hmm bash: ./hmm: Permission denied $ sudo ./hmm hello world! $ chmod 0 ./hmm $ sudo ./hmm sudo: ./hmm: command not found $ sudo perl ./hmm hello world! $ perl ./hmm Can't open perl script "./hmm": Permission denied $ ls -l ./hmm ---------- 1 hilarious hilarious 92 2013-11-10 17:57 ./hmm $ chmod 4000 ./hmm $ ./hmm bash: ./hmm: Permission denied $ perl ./hmm Can't open perl script "./hmm": Permission denied $ sudo perl ./hmm Args must match #! line at ./hmm line 1. $ sudo perl -l ./hmm Effective UID cannot exec script $ sudo chmod 0 ./hmm $ sudo perl ./hmm hello world!

In reply to perl executes mode 0 argument passed script when called through sudo, security hole? by Don Coyote

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • Outside of code tags, you may need to use entities for some characters:
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others drinking their drinks and smoking their pipes about the Monastery: (13)
    As of 2014-12-25 04:08 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      Is guessing a good strategy for surviving in the IT business?





      Results (159 votes), past polls