Page last updated:
2003 May 05 13:44

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Running a suid root perl script



On Sat, May 03, 2003 at 08:08:45AM -0700, Ken Herron wrote:
> --On Saturday, May 03, 2003 07:34:01 AM -0700 Henry House 
> <hajhouse@houseag.com> wrote:
> 
> >I created suid.pl as
> >
> >	#!/usr/bin/sperl5.8.0 -T
> >	print $ENV{"USER"}."\n";
> 
> USER is just a string in the process's environment. It isn't 
> automatically updated when you run a setuid program. Try having the perl 
> script print its real and effective UIDs, or create a file and see what 
> ID owns it.

You're right. The file is owned by root. Now the real reason that I want an
suid script:

#!/usr/bin/suidperl -T
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
$ENV{'HOME'} = '/root';
open(BOGOFILTER, "|ssh root\@mail.internal bogofilter -Nsv");
while ($line = <STDIN>) { print BOGOFILTER $line }
close(BOGOFILTER);
exit

This script, residing at /usr/local/bin/spamlearn, is intended to allow
all users to redirect spam that gets through back to the bogofilter* database
on the mail server, a separate machine that normally does not host
interactive logins. SSH is configured to accept key-based auth only and the
key is in root's home. But it does not work: SSH asks for a password and
warns about an unknown server fingerprint, indicating that it is using
the user's ~/.ssh not /root/.ssh. Any ideas?

* Bayesian classifier capable of recognizing known spam types with 99%
  accuracy. It is integrated into exim on my mail server.

-- 
Henry House
The attached file is a digital signature. See <http://romana.hajhouse.org/pgp>
for information.  My OpenPGP key: <http://romana.hajhouse.org/hajhouse.asc>.

Attachment: pgp00010.pgp
Description: PGP signature
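
Ken's suggestion in the quoted reply, extended into a small diagnostic (an added example, not part of the original post or thread): it prints the real and effective UIDs next to the home directory each one resolves to in the passwd database, plus the inherited USER and HOME values. The symptom described in the post, ssh reading the invoking user's ~/.ssh, is what a program does when it takes the home directory from the real UID's passwd entry instead of from $HOME; the helper names are illustrative, and the script is assumed to be installed and run the same way as suid.pl above.

```perl
#!/usr/bin/perl
# Added diagnostic, not from the original post: compare the identity sources
# a setuid script can see. Helper names are illustrative.
use strict;
use warnings;

# Look up login name and home directory for a numeric UID in the passwd database.
sub passwd_entry {
    my ($uid) = @_;
    my ($name, $home) = (getpwuid($uid))[0, 7];
    return defined $name
        ? { name => $name,      home => $home }
        : { name => "uid $uid", home => '(no passwd entry)' };
}

# Environment values are inherited from the caller, so report them separately.
sub env_or_unset {
    my ($key) = @_;
    return defined $ENV{$key} ? $ENV{$key} : '(unset)';
}

# One row per identity source, so mismatches are visible side by side.
sub identity_report {
    my $real = passwd_entry($<);    # $< = real UID: the user who ran the script
    my $eff  = passwd_entry($>);    # $> = effective UID: the setuid file owner
    return (
        [ 'real UID',           "$< ($real->{name})" ],
        [ 'effective UID',      "$> ($eff->{name})" ],
        [ 'real UID home',      $real->{home} ],
        [ 'effective UID home', $eff->{home} ],
        [ '$ENV{USER}',         env_or_unset('USER') ],
        [ '$ENV{HOME}',         env_or_unset('HOME') ],
    );
}

printf "%-20s %s\n", @$_ for identity_report();

if ($< != $>) {
    print "\nReal and effective UIDs differ: a child process inherits both,\n",
          "and one that resolves ~ from the real UID's passwd entry will use\n",
          passwd_entry($<)->{home}, ", whatever \$ENV{HOME} says.\n";
}
```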


