Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.sdsmt.edu!news.mid.net!mr.net!sgigate.sgi.com!news1.best.com!svc.portal.com!shell.portal.com!shell.portal.com!not-for-mail From: pierre@shell.portal.com (Pierre Uszynski) Newsgroups: comp.lang.perl.misc,comp.unix.bsd.freebsd.misc,comp.unix.bsd.bsdi.misc Subject: suid perl4 script problem and solution Date: 3 Jul 1996 23:10:04 -0700 Organization: Portal Communications (shell) Lines: 72 Message-ID: <4rfn7s$qom@jobe.shell.portal.com> NNTP-Posting-Host: jobe.shell.portal.com Keywords: taint, bsdi, freebsd, setuid Xref: euryale.cc.adfa.oz.au comp.lang.perl.misc:31157 comp.unix.bsd.freebsd.misc:22785 comp.unix.bsd.bsdi.misc:4226 * * * Problem symptoms on BSDI 2.1 which, unfortunately, one of my customers uses (and maybe on some other Perl ports, maybe not limited to BSDI... such as FreeBSD) "Suid Perl4 scripts" (actually here called from their C wrapper) die quickly with an error message: "Can't run setuid script with taint checks" * * * The reason and the fix Perl subcontracts a number of checks (and the execution I believe) of wrapped suid scripts to 'taintperl' (sometimes called tperl), and does not let you run suid if it cannot do that. But for that it must be able to find taintperl in the first place. 'strings perl' shows: %s/tperl%s Can't run setuid script with taint checks Normally Perl looks for something like tperl4.036 but what you need in this case is: tperl(nu36 Yes, I'm not kidding, tperl(nu36 ! * * * How did that happen? What happens is that someone took the initiative, without regard for the consequences, to completely mess up the RCS version control string so it becomes something like: perl.c,v1.21993/12/22 17:08:26 whereas it is normally of the form: $RCSfile: perl.c,v $$Revision: 4.0.1.8 $$Date: 1993/02/05 19:39:30 $ If you look through a correct version of the source code, module perl.c (not that big), you find the version part of the taintperl program name is built out of the RCSid more or less as: sprintf(variable, "%3.3s%2.2d", index(rcsid,'4'), patchlevel) index should return a pointer to a string starting in '4.0...', and patchlevel is '36'. Resulting in a file name version of '4.036'. Fair enough. Instead, index cannot find a '4' in the new, improved RCSid. It returns a null pointer. Sprintf turns this null pointer into a string '(null)', then uses the first 3 characters of the string: '(nu36'. So simply copy taintperl as tperl(nu36 and at least you'll be back in business. Or if that doesn't work, check the various telltales I mention and/or write up a small C test to find out what comes out of such an sprintf on your machine. If you don't have root access, you can always try copying perl and tperl(nu36 :-) locally, somewhere in your search path, and it may still work. Please let me know if you have the same problem on other platforms than BSDI 2.1, Thanks. (Apparently there is a similar botch in FreeBSD, see news message 4m8l29$air@uriah.heep.sax.de) Thank you BSDI for a delightful afternoon :-( And I hope this helps a few of you who were having the same problem recently. Pierre. pierre@shell.portal.com