SETID in kernel

Jeff LaCoursiere jeff at jeff.net
Wed Apr 19 20:11:56 BST 2006


On Wed, 19 Apr 2006, Kevin O'Connor wrote:

> Does /usr/local/bin/suidperl exist? If not, then it didn't install with that
> option and Openwebmail will not run.

Hmm, no it wasn't there, but openwebmail is using "speedy_suidperl", which
does exist.  I looked in the work directory of the perl port, and found
that it *did* build an suidperl, just didn't install it anywhere.  I
copied it to /usr/local/bin and set the setuid bit.  So here is what I
have:

fs% ls -l /usr/local/bin/{speedy_suidperl,suidperl}
-r-sr-xr-x  1 root  wheel  40088 Apr 18 14:18 /usr/local/bin/speedy_suidperl*
-rwsr-xr-x  3 root  wheel  79115 Apr 19 12:51 /usr/local/bin/suidperl*
fs% ls -l /tmp/test.pl
-rwsr-xr-x  1 jeff  wheel  42 Apr 19 12:52 /tmp/test.pl*
fs% more /tmp/test.pl
#!/usr/local/bin/speedy_suidperl

exec id
fs% /tmp/test.pl
uid=1001(jeff) gid=0(wheel) groups=0(wheel)
fs%

So you can see, the setuid is not functional.  If I change to use
/usr/local/bin/suidperl, I get:

fs% /tmp/test.pl
sperl needs fd script
You should not call sperl directly; do you need to change a #! line
from sperl to perl?

Umm, well ok, so I change it:

fs% more /tmp/test.pl
#!/usr/local/bin/perl

exec id
fs% /tmp/test.pl
sperl needs fd script
You should not call sperl directly; do you need to change a #! line
from sperl to perl?
fs%

Christ!  How does anyone learn to use this !$#@$@# language without
pulling all their hair out?  Maybe this explains the number of bald perl
developers out there... (just kidding :).

Just for grins I was going to run openwebmail.pl and show you the output I
have been getting, but lo and behold webmail now runs!  I guess it must
have been installing the suidperl binary in /usr/local/bin that made the
difference, but I still don't understand all of the above.  Not that I
really care at this point :)  I suppose this is a bug of the make for
perl5.8.8 in the ports?

Thanks,

j


> I may be wrong but I think speedy_suidperl is just a more secure way instead
> of just running speed_cgi which Openwebmail used to do.
>
> > -----Original Message-----
> > From: freebsd-users-admin at uk.freebsd.org
> > [mailto:freebsd-users-admin at uk.freebsd.org] On Behalf Of Jeff
> > LaCoursiere
> > Sent: Wednesday, April 19, 2006 6:14 PM
> > To: kevin at ziptek-technologies.co.uk; 'freebsd users'
> > Subject: RE: SETID in kernel
> >
> >
> > I did deinstall and reinstall, and even checked the Config
> > output to make sure it was answering the question "Do you
> > want to enable SUID emulation"
> > correctly, which it was.  So I am reasonably certain that the
> > perl install is good.  Anyone know how to check it?  perl -V
> > doesn't mention anything about it...
> >
> > There is no "suidperl" in this instance - openwebmail seems
> > to want to use "speedy-suidperl", which exists, and by
> > default seems to be setuid itself.  If I try to run this way
> > I get the error message about the kernel.  If I take off the
> > SUID bit openwebmail runs without privs, and cannot open its
> > own log file.
> >
> > Sigh.
> >
> > j
>
>
> ------ FreeBSD UK Users' Group  -  Mailing List ------
> http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users