Perl setuid
From FreeBSDwiki
		(Difference between revisions)
		
		
| Ninereasons  (Talk | contribs)   (Clarify what "setuid" means. dead-end. link to Perl) | |||
| Line 1: | Line 1: | ||
| − | + | To make it possible to run [[perl]] with temporarily elevated privileges for a particular task, you need to recompile perl: | |
|   # cd /usr/ports/lang/perl5.8 && make -DENABLE_SUIDPERL="YES" install clean |   # cd /usr/ports/lang/perl5.8 && make -DENABLE_SUIDPERL="YES" install clean | ||
Latest revision as of 14:53, 12 June 2006
To make it possible to run perl with temporarily elevated privileges for a particular task, you need to recompile perl:
# cd /usr/ports/lang/perl5.8 && make -DENABLE_SUIDPERL="YES" install clean
then you have to make sure your script is chmodded setuid:
# chmod 4755+s ./myscript.pl
and the ridiculously undocumented part - it still isn't going to "just run setuid." you have to change your uid within your perl code, something like this.
my $real_user_id = $<; # Grab all the original values my $effective_user_id = $>; # so we can reset everything my $real_group_id = $(; # when we are done with root access my $effective_group_id = $); # $<=$>=0; # 0 is almost always OWNER root $(=$)=0; # 0 is almost always GROUP wheel # # ...SOME PERL CODE... # $< = $real_user_id; # Set everything back to original $> = $effective_user_id; # values. $( = $real_group_id; # $) = $effective_group_id; #
Of course the neat thing there is that you can easily bounce back and forth between uids.
