Perl setuid

From FreeBSDwiki

To make it possible to run perl with temporarily elevated privileges for a particular task, you need to recompile perl:

# cd /usr/ports/lang/perl5.8 && make ENABLE_SUIDPERL=YES install clean

Then you have to make sure your script is chmodded setuid:

# chmod 4755 ./myscript.pl

The ridiculously undocumented part is that the script still isn't going to "just run setuid": you have to change your uid within your Perl code, something like this:

my $real_user_id       = $<; # Grab all the original values
my $effective_user_id  = $>; # so we can reset everything 
my $real_group_id      = $(; # when we are done with root access
my $effective_group_id = $); # 
$<=$>=0;                     # 0 is almost always OWNER root
$(=$)=0;                     # 0 is almost always GROUP wheel
#
# ...SOME PERL CODE...
#
$< = $real_user_id;          # Set everything back to original
$> = $effective_user_id;     # values.
$( = $real_group_id;         # 
$) = $effective_group_id;    # 

Of course the neat thing there is that you can easily bounce back and forth between uids.
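
A narrower variant of the swap above, added here as an example and not part of the original wiki page: it leaves the real uid as the invoking user, raises only the effective uid around the step that needs it, and checks every change. The helper names `set_euid` and `with_root` are hypothetical, and only the uid (not the gid) is handled.

```perl
#!/usr/bin/perl
use strict;
use warnings;
# Perl enables taint mode on its own when real and effective ids differ.

my $invoking_uid = $<;   # real uid: the user who started the script
my $owner_uid    = $>;   # effective uid: owner of the setuid file (root)

# Hypothetical helper: change the effective uid and verify the result.
# A failed assignment to $> does not die, so compare afterwards.
sub set_euid {
    my ($uid) = @_;
    local $! = 0;
    $> = $uid;
    die "cannot set euid to $uid: $!\n" if $> != $uid;
    return;
}

# Hypothetical helper: run a block as $owner_uid, then drop back to the
# invoking user even when the block dies.
sub with_root (&) {
    my ($code) = @_;
    set_euid($owner_uid);
    my @result = eval { $code->() };
    my $error  = $@;
    set_euid($invoking_uid);
    die $error if $error;
    return @result;
}

set_euid($invoking_uid);            # unprivileged by default
printf "outside: ruid=%d euid=%d\n", $<, $>;

with_root {
    printf "inside:  ruid=%d euid=%d\n", $<, $>;
    # ...the one step that needs root goes here...
};

printf "after:   ruid=%d euid=%d\n", $<, $>;
```

Run without the setuid bit, all three lines print the same uid, because the real and effective ids are already equal.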
