
Perl setuid

From FreeBSDwiki
(Difference between revisions)
 
(Clarify what "setuid" means. dead-end. link to Perl)
 
Line 1: Line 1:
first, you need to recompile perl:
+
To make it possible to run [[perl]] with temporarily elevated privileges for a particular task, you need to recompile perl:
  
 
  # cd /usr/ports/lang/perl5.8 && make -DENABLE_SUIDPERL="YES" install clean
 
  # cd /usr/ports/lang/perl5.8 && make -DENABLE_SUIDPERL="YES" install clean
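
Review bot: The edit summary says this revision clarifies what "setuid" means, but the replacement sentence ("To make it possible to run [[perl]] with temporarily elevated privileges for a particular task") never uses the word and does not say whose privileges the script takes on. Suggest naming the mechanism in that sentence, for example that a setuid script runs with the privileges of the file's owner rather than those of the user who starts it, so the ENABLE_SUIDPERL build line that follows has its context.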

Latest revision as of 13:53, 12 June 2006

To make it possible to run perl with temporarily elevated privileges for a particular task, you need to recompile perl:

# cd /usr/ports/lang/perl5.8 && make -DENABLE_SUIDPERL="YES" install clean

Then you have to make sure your script is chmodded setuid:

# chmod 4755 ./myscript.pl

And the ridiculously undocumented part: it still isn't going to "just run setuid." You have to change your uid within your Perl code, something like this:

my $real_user_id       = $<; # Grab all the original values
my $effective_user_id  = $>; # so we can reset everything 
my $real_group_id      = $(; # when we are done with root access
my $effective_group_id = $); # 
$<=$>=0;                     # 0 is almost always OWNER root
$(=$)=0;                     # 0 is almost always GROUP wheel
#
# ...SOME PERL CODE...
#
$< = $real_user_id;          # Set everything back to original
$> = $effective_user_id;     # values.
$( = $real_group_id;         # 
$) = $effective_group_id;    # 

Of course the neat thing there is that you can easily bounce back and forth between uids.
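
A more defensive variant of the pattern above, added here as an example and not part of the original wiki page: it works as the invoking user by default, raises the effective uid only around one block, reads the uid back after every change, and finally gives the privilege up for good. It assumes the script is installed setuid root with mode 4755 as described above (so group ids are left alone); `set_euid` and `with_privilege` are names made up for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Perl turns on taint mode by itself when real and effective ids differ,
# so give any child process a known environment (see perlsec).
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $invoker_uid = $<;    # real uid: the user who started the script
my $owner_uid   = $>;    # effective uid: the file owner when run setuid

# A failed assignment to $> is silent: it only sets $! and leaves the
# old value in place, so read the value back after every change.
sub set_euid {
    my ($uid) = @_;
    $! = 0;
    $> = $uid;
    die "cannot set effective uid to $uid: $!\n" if $> != $uid;
    return $uid;
}

# Run one code block as the owner, then return to the invoker's uid
# even if the block dies.
sub with_privilege {
    my ($code) = @_;
    set_euid($owner_uid);
    my @result = eval { $code->() };
    my $error = $@;
    set_euid($invoker_uid);
    die $error if $error;
    return @result;
}

set_euid($invoker_uid);    # work unprivileged by default
print "working as uid $>\n";
my ($seen) = with_privilege(sub { return $> });    # stand-in for the real task
print "privileged block ran as uid $seen, now back to uid $>\n";

# Finished: give the privilege up for good. When the owner is root,
# setuid() called as root resets the real, effective and saved uid.
set_euid($owner_uid);
POSIX::setuid($invoker_uid) or die "setuid($invoker_uid) failed: $!\n";
$> = $owner_uid;           # attempt to regain; this must not work
die "privilege can still be regained\n"
    if $owner_uid != $invoker_uid && $> == $owner_uid;
print "dropped for good: real uid $<, effective uid $>\n";
```

Run without the setuid bit, both uids are the same and every switch is a no-op, which makes the script easy to test before installing it. Perl 5.12 and later no longer include suidperl, so the build option above applies to the perl5.8 port this page describes.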
