l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 May 05 13:44

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Running a suid root perl script
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Running a suid root perl script

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, May 05, 2003 at 11:37:20AM -0700, Henry House wrote:
> You're right. The file is owned by root. Now the real reason that I want =
> suid script:
> #!/usr/bin/suidperl -T
> $ENV{'PATH'} =3D '/bin:/usr/bin';
> delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
> $ENV{'HOME'} =3D '/root';
> open(BOGOFILTER, "|ssh root\@mail.internal bogofilter -Nsv");
> while ($line =3D <STDIN>) { print BOGOFILTER $line }
> close(BOGOFILTER);
> exit
> This script, residing at /usr/local/bin/spamlearn, is intended to allow
> al users to redirect spam that gets through back to the bogofilter* datab=
> on the mail server, a seperate machine that normally does not host
> interactive logins. SSH is configured to accept key-based auth only and t=
> key is in root's home. But it does not work: SSH asks for a password and
> warns about an unknown server fingerprint, indicating that it is using
> the user's ~/.ssh not /root/.ssh. Any ideas?


  Is sounds like some environment variable like 'USER' needs to be set so=
that ssh can find the right local key to use for authentication.  Have your=
script print out all the environment variables and values...
  print map { "$_ -> $ENV{$_}\n" } keys %ENV;
=2E.. look for any that look wrong and fix them.

  Also, I recommend you remove all environment variables except for the
ones you trust, since this is running as root and there have been a
number of ways to take over based on environment holes...

something Draconian like this should be safe:  =3D)
  delete %ENV;
  $ENV('HOME'} =3D "/root";
  $ENV('USER'} =3D "root";
  $ENV('SHELL'} =3D "/bin/bash";
  $ENV('PATH'} =3D "/bin:/usr/bin";

GPG key: http://simons-clan.com/~msimons/gpg/msimons.asc
Fingerprint: 524D A726 77CB 62C9 4D56  8109 E10C 249F B7FA ACBE

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.