Okay, I'm trying to understand how setuid/setgid scripts work now with Perl 5,
so if I'm making a mistake anywhere, I'd appreciate knowing where I've gone
astray. Also, if folks could tell me what versions of Unix fall under which
categories, I'd appreciate that too.

Kernel has secured setuid scripts (such as connecting /dev/fd/3 to the
script): (Solaris x.y)
    Compile perl with -DSETUID_SCRIPTS_ARE_SECURE_NOW
    Set script setuid/setgid to desired id's
    Script calls perl normally

Kernel does not have secure setuid script capability: (HP-UX)
    Use wrapper program setuid/setgid to desired uid/gid.
    Wrapper program exec's perl script
    Script does not use its #! entry

Kernel has disabled setuid/setgid scripts entirely:
    Compile suidperl and make it setuid root
    (alternately call it sperl5.001)
    Set script setuid/setgid to desired id's
    Script calls suidperl, suidperl sets euid/egid to desired uid/gid.

In all cases, taint checks are on, and the programmer has to deal with all
the taint issues.

Jeff
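
The wrapper arrangement from the second case (kernel without secure setuid scripts), sketched in C as an added example; it is not part of the post above or of the Perl distribution. The perl location and the script path are assumptions (the script path is hypothetical); the wrapper binary itself would be installed setuid/setgid to the desired ids.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define PERL_PATH   "/usr/bin/perl"                  /* assumed perl location */
#define SCRIPT_PATH "/usr/local/libexec/example.pl"  /* hypothetical script */

/* Fixed environment: nothing from the caller (PATH, IFS, PERL5LIB) survives. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* 0 if the script may be run with the wrapper's ids: absolute path, a regular
 * file (lstat rejects symlinks), and not writable by group or others. */
int script_is_safe(const char *path) {
    struct stat st;
    if (path[0] != '/') return -1;
    if (lstat(path, &st) != 0) return -1;
    if (!S_ISREG(st.st_mode)) return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return -1;
    return 0;
}

/* Build perl's argv: the script path is compiled in, never taken from the
 * caller; -T asks for taint checks explicitly. Returns argc or -1 if too long. */
int build_argv(char **out, size_t cap, int argc, char **argv) {
    size_t n = 0;
    if ((size_t)argc + 3 > cap) return -1;
    out[n++] = "perl";
    out[n++] = "-T";
    out[n++] = SCRIPT_PATH;
    for (int i = 1; i < argc; i++) out[n++] = argv[i];
    out[n] = NULL;
    return (int)n;
}

int main(int argc, char **argv) {
    char *args[64];
    if (script_is_safe(SCRIPT_PATH) != 0 || build_argv(args, 64, argc, argv) < 0) {
        fprintf(stderr, "wrapper: refusing to run %s\n", SCRIPT_PATH);
        return 1;
    }
    execve(PERL_PATH, args, clean_env);  /* perl is named directly; #! is not used */
    perror("execve");
    return 127;
}
```

The caller's arguments are passed through unchanged, so the script still has to untaint them before use.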