PerlMonks  

suidperl

by hotshot (Prior)
on Dec 10, 2001 at 19:02 UTC

hotshot has asked for the wisdom of the Perl Monks concerning the following question:

Hello everyone!

Can someone explain in a few words what exactly is 'suidperl', the case where my script starts with:
#!/usr/bin/suidperl -w
Thanks.

Hotshot

Replies are listed 'Best First'.
Re: suidperl
by arhuman (Vicar) on Dec 10, 2001 at 19:12 UTC
    For security reasons, modern unices disable the SUID bit on scripts.
    (Because it's often IMPOSSIBLE to have a safe SUID shell script)
    suidperl allows you to use this suid feature even on such systems...

    For a detailed explanation see: perlsec...

    Another (more general) safe way is the prog sudo

    "Only Bad Coders Code Badly In Perl" (OBC2BIP)
      There have been security problems in suidperl before. And the sudo utility works just fine for me. Therefore, given a choice, I always remove suidperl and use sudo instead.
Re: suidperl
by Erik Hensema (Sexton) on Dec 10, 2001 at 21:39 UTC

    Your scripts should never start with

    #!/usr/bin/suidperl -w

    Always just use /usr/bin/perl.

    suidperl is needed to be able to run scripts setuid. Usually this is impossible, because scripts are handled by an interpreter which isn't installed setuid.

    'Running setuid' means that a program is started as if it was started by its owner. So, if a file is owned by root:root and is setuid, it would be running with root privileges regardless of what user started it. On startup, suidperl will change its effective user-id to the id of the script's owner.

    Read man perlsec for more information.

    A script however is started with the permissions of the interpreter. So, if you make a script setuid it wouldn't have any effect. This is where suidperl comes in: suidperl is usually installed setuid root:root and is automatically invoked by perl when perl sees the script it's about to start is setuid.
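
Added example, not part of the original thread: a small audit helper for the situation the replies describe, reporting scripts that carry the setuid bit or name suidperl in their shebang, so they can be moved to sudo. The function names and labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example: find scripts that depend on setuid-script / suidperl behaviour.
# Function names and labels are hypothetical, chosen for this illustration.

# classify FILE -> prints one label:
#   setuid-suidperl   setuid bit set and the shebang names suidperl
#   setuid-script     setuid bit set on a "#!" script
#   suidperl-shebang  shebang names suidperl, no setuid bit
#   ok                anything else (binaries, data, unreadable files)
classify() {
    cl_file=$1
    cl_line=''
    # Read only the first line; "|| :" tolerates unreadable files
    # and files without a trailing newline.
    { IFS= read -r cl_line < "$cl_file"; } 2>/dev/null || :
    case $cl_line in
        '#!'*) ;;                   # interpreter script: keep checking
        *) echo ok; return 0 ;;     # not a script: out of scope here
    esac
    cl_suid=no
    if [ -u "$cl_file" ]; then cl_suid=yes; fi
    case $cl_line in
        *suidperl*)
            if [ "$cl_suid" = yes ]; then echo setuid-suidperl
            else echo suidperl-shebang; fi ;;
        *)
            if [ "$cl_suid" = yes ]; then echo setuid-script
            else echo ok; fi ;;
    esac
}

# audit_dir DIR -> one "LABEL<TAB>PATH" line per finding under DIR
audit_dir() {
    find "$1" -type f 2>/dev/null | while IFS= read -r ad_file; do
        ad_label=$(classify "$ad_file")
        if [ "$ad_label" != ok ]; then
            printf '%s\t%s\n' "$ad_label" "$ad_file"
        fi
    done
}

# Usage: sh audit.sh /path/to/scripts
if [ "$#" -gt 0 ]; then audit_dir "$1"; fi
```
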
