pavement

Perl setuid

From FreeBSDwiki
Revision as of 13:53, 12 June 2006 by Ninereasons (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

To make it possible to run perl with temporarily elevated privileges for a particular task, you need to recompile perl: 

# cd /usr/ports/lang/perl5.8 && make -DENABLE_SUIDPERL="YES" install clean

then you have to make sure your script is chmodded setuid: 

# chmod 4755+s ./myscript.pl

and the ridiculously undocumented part - it still isn't going to "just run setuid." you have to change your uid within your perl code, something like this. 

my $real_user_id       = $<; # Grab all the original values
my $effective_user_id  = $>; # so we can reset everything 
my $real_group_id      = $(; # when we are done with root access
my $effective_group_id = $); # 
$<=$>=0;                     # 0 is almost always OWNER root
$(=$)=0;                     # 0 is almost always GROUP wheel
#
# ...SOME PERL CODE...
#
$< = $real_user_id;          # Set everything back to original
$> = $effective_user_id;     # values.
$( = $real_group_id;         # 
$) = $effective_group_id;    #

Of course the neat thing there is that you can easily bounce back and forth between uids.

Retrieved from "http://freebsdwiki.net/index.php?title=Perl_setuid&oldid=6597"
Personal tools