l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2003 May 05 11:38

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Running a suid root perl script
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Running a suid root perl script



--R+Rs1qz93vBJxC1z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, May 03, 2003 at 08:08:45AM -0700, Ken Herron wrote:
> --On Saturday, May 03, 2003 07:34:01 AM -0700 Henry House=20
> <hajhouse@houseag.com> wrote:
>=20
> >I created suid.pl as
> >
> >	#!/usr/bin/sperl5.8.0 -T
> >	print $ENV{"USER"}."\n";
>=20
> USER is just a string in the process's environment. It isn't=20
> automatically updated when you run a setuid program. Try having the perl=
=20
> script print its real and effective UIDs, or create a file and see what=
=20
> ID owns it.

  Ken is right about the "USER" environment variable not changing... the
environment is independent of the process permissions.

Seems to work here...=20

msimons@moria:~$ cat s
#! /usr/bin/sperl5.6.1 -w

print "$<, $>, $(, $)\n";

unlink "s.test";
open FILE, "> s.test";
close FILE;
msimons@moria:~$ ls -l s
-r-sr-xr-x    1 root     msimons       106 May  5 14:29 s
msimons@moria:~$ ./s
1000, 0, 1000 33 4 1000, 1000 33 4 1000
msimons@moria:~$ ls -l s.test
-rw-r--r--    1 root     msimons         0 May  5 14:29 s.test

--=20
GPG key: http://simons-clan.com/~msimons/gpg/msimons.asc
Fingerprint: 524D A726 77CB 62C9 4D56  8109 E10C 249F B7FA ACBE

--R+Rs1qz93vBJxC1z
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+tq5C4Qwkn7f6rL4RAjZRAJwKxdgwCKPJ956/9FzhldGPeuVB8wCfcXbD
ORcq/k/TnxyZxxTeto5xdwk=
=xu4k
-----END PGP SIGNATURE-----

--R+Rs1qz93vBJxC1z--
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech








LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.