Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!chi-news.cic.net!newsfeed.internetmci.com!EU.net!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!not-for-mail
From: j@interface-business.de (J Wunsch)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.lang.perl.misc
Subject: Re: setuid perl scripts
Date: 13 Oct 1995 10:23:34 +0100
Organization: interface business GmbH, Dresden
Lines: 23
Message-ID: <45lb6m$1c9@ida.interface-business.de>
References: <fmontes-0510951946560001@200.4.12.6> <45e1f6$2uv@ida.interface-business.de> <DGB0Ax.u7@kerberos.demon.co.uk>
NNTP-Posting-Host: ida.interface-business.de
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:1220 comp.lang.perl.misc:4943

Anthony Lovell <alovell@kerberos.demon.co.uk> wrote:

>J Wunsch (j@interface-business.de) wrote:
>
>: You don't even need a C wrapper. As you can see, Perl is clever
>: enough about scripts running setuid... :-) (Simply make your script
>: setuid. If all else fails, put a #!/usr/wherever/bin/suidperl on
>: top.)
>
>That's not allowed, Programming Perl page 374 is quite clear about this
>suidperl (which should never be run explicitly) Perl runs it for you on
>setuid scripts.
^^^^^

But not if the installation is broken since for example the Perl
revision number is taken out of some $Id$ string inside Perl, but
somebody (in this case, FreeBSD) preferred to store the Perl source
inside its own source tree, so the CVS checkout clobbered the $Id$.

What bad thing should arise out of explicitly running it? (Assuming
the script is actually setuid.)

-- 
J"org Wunsch    Unix support engineer
joerg_wunsch@interface-business.de    [private: http://www.sax.de/~joerg/]