Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Comment on

( #3333=superdoc: print w/ replies, xml ) Need Help??

This may not be a perl specific thing. But I was not sure and thought best to mention in case. I call a chmod 0 script by itself and by perl in my user shell (bash). And fails as expected. I set-uid and still fails which I think is right as mode is 4000.

Now I set mode back to 0 and pass the script in as an argument to perl, in my user environment this fails, but under sudo the script executes.

I am not sure but is this working properly? being mode 0 I would have thought the script would not be executable whether or not set-uid. I have included most of my dabbling for reference, the interesting calls are closer to the bottom of the script.

$ login Ubuntu LTS 10.04.4 263 updates avaliable 238 are security updates hilarious@hilarious-desktop:~/Documents$ perl -v This is perl, v5.10.1 (*) built for x86_64-linux-gnu-thread-multi hilarious@hilarious-desktop:~/Documents$ mkdir ./messin $ cd ./messin $ touch ./hmm $ ls hmm $ ls -l ./hmm -rw------- 1 hilarious hilarious 0 2013-11-10 17:36 ./hmm $ chmod 0200 ./hmm $ ls -l ./hmm --w------- 1 hilarious hilarious 0 2013-11-10 17:36 ./hmm $ emacs ./hmm $ emacs -nw ./hmm $ emacs -nw ./hmm $ chmod 0000 ./hmm $ ls -l ./hmm ---------- 1 hilarious hilarious 0 2013-11-10 17:36 ./hmm $ emacs -nw ./hmm $ chmod 0200 ./hmm $ chmod 0400 ./hmm $ emacs -nw ./hmm $ chmod 0600 ./hmm $ emacs -nw ./hmm $ ls -l ./hmm -rw------- 1 hilarious hilarious 92 2013-11-10 17:57 ./hmm $ ./hmm bash: ./hmm: Permission denied $ sudo ./hmm [sudo] password for hilarious: sudo: ./hmm: command not found $ su hilarious Password: Warning: your password will expire in 4 days $ who am i hilarious pts/1 2013-11-10 17:35 (:0.0) $ ./hmm Can't open perl script "./hmm": Permission denied $ chmod 5 ./hmm $ ./hmm bash: ./hmm: Permission denied $ ls -l ./hmm -------r-x 1 hilarious hilarious 92 2013-11-10 17:57 ./hmm $ chmod 500 ./hmm $ ./hmm hello world! $ chmod 005 ./hmm $ ./hmm bash: ./hmm: Permission denied $ sudo ./hmm hello world! $ who am i hilarious pts/1 2013-11-10 17:35 (:0.0) $ sudo who am i hilarious pts/1 2013-11-10 17:35 (:0.0) $ cmod 007 ./hmm No command 'cmod' found, did you mean: Command 'qmod' from package 'gridengine-client' (universe) Command 'chmod' from package 'coreutils' (main) Command 'mod' from package 'monodoc-base' (main) cmod: command not found $ chmod 007 ./hmm $ emacs -nw ./hmm $ ./hmm bash: ./hmm: Permission denied $ sudo ./hmm hello world! $ chmod 0 ./hmm $ sudo ./hmm sudo: ./hmm: command not found $ sudo perl ./hmm hello world! $ perl ./hmm Can't open perl script "./hmm": Permission denied $ ls -l ./hmm ---------- 1 hilarious hilarious 92 2013-11-10 17:57 ./hmm $ chmod 4000 ./hmm $ ./hmm bash: ./hmm: Permission denied $ perl ./hmm Can't open perl script "./hmm": Permission denied $ sudo perl ./hmm Args must match #! line at ./hmm line 1. $ sudo perl -l ./hmm Effective UID cannot exec script $ sudo chmod 0 ./hmm $ sudo perl ./hmm hello world!

In reply to perl executes mode 0 argument passed script when called through sudo, security hole? by Don Coyote

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others cooling their heels in the Monastery: (5)
    As of 2015-07-05 19:40 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









      Results (67 votes), past polls