SETID in kernel

Jeff LaCoursiere jeff at jeff.net
Wed Apr 19 20:22:43 BST 2006


Ack, trying to stave off the flames, I figured out my test.pl issue...
helps if the owner of the file is root :)  Seems you must call the
speedy_suidperl binary to get this working at all...

fs% ls -ld /tmp/test.pl
-rwsr-xr-x  1 root  wheel  42 Apr 19 13:17 /tmp/test.pl*
fs% more /tmp/test.pl
#!/usr/local/bin/speedy_suidperl

exec id
fs% /tmp/test.pl
uid=1001(jeff) euid=0(root) gid=0(wheel) groups=0(wheel)
fs%

Hurray!

Thanks for all the advice!

j

On Wed, 19 Apr 2006, Jeff LaCoursiere wrote:

>
> On Wed, 19 Apr 2006, Kevin O'Connor wrote:
>
> > Does /usr/local/bin/suidperl exist? If not, then it didn't install with that
> > option and Openwebmail will not run.
>
> Hmm, no it wasn't there, but openwebmail is using "speedy_suidperl", which
> does exist.  I looked in the work directory of the perl port, and found
> that it *did* build an suidperl, just didn't install it anywhere.  I
> copied it to /usr/local/bin and set the setuid bit.  So here is what I
> have:
>
> fs% ls -l /usr/local/bin/{speedy_suidperl,suidperl}
> -r-sr-xr-x  1 root  wheel  40088 Apr 18 14:18 /usr/local/bin/speedy_suidperl*
> -rwsr-xr-x  3 root  wheel  79115 Apr 19 12:51 /usr/local/bin/suidperl*
> fs% ls -l /tmp/test.pl
> -rwsr-xr-x  1 jeff  wheel  42 Apr 19 12:52 /tmp/test.pl*
> fs% more /tmp/test.pl
> #!/usr/local/bin/speedy_suidperl
>
> exec id
> fs% /tmp/test.pl
> uid=1001(jeff) gid=0(wheel) groups=0(wheel)
> fs%
>
> So you can see, the setuid is not functional.  If I change to use
> /usr/local/bin/suidperl, I get:
>
> fs% /tmp/test.pl
> sperl needs fd script
> You should not call sperl directly; do you need to change a #! line
> from sperl to perl?
>
> Umm, well ok, so I change it:
>
> fs% more /tmp/test.pl
> #!/usr/local/bin/perl
>
> exec id
> fs% /tmp/test.pl
> sperl needs fd script
> You should not call sperl directly; do you need to change a #! line
> from sperl to perl?
> fs%
>
> Christ!  How does anyone learn to use this !$#@$@# language without
> pulling all their hair out?  Maybe this explains the number of bald perl
> developers out there... (just kidding :).
>
> Just for grins I was going to run openwebmail.pl and show you the output I
> have been getting, but lo and behold webmail now runs!  I guess it must
> have been installing the suidperl binary in /usr/local/bin that made the
> difference, but I still don't understand all of the above.  Not that I
> really care at this point :)  I suppose this is a bug of the make for
> perl5.8.8 in the ports?
>
> Thanks,
>
> j
>
>
> > I may be wrong but I think speedy_suidperl is just a more secure way instead
> > of just running speed_cgi which Openwebmail used to do.
> >
> > > -----Original Message-----
> > > From: freebsd-users-admin at uk.freebsd.org
> > > [mailto:freebsd-users-admin at uk.freebsd.org] On Behalf Of Jeff
> > > LaCoursiere
> > > Sent: Wednesday, April 19, 2006 6:14 PM
> > > To: kevin at ziptek-technologies.co.uk; 'freebsd users'
> > > Subject: RE: SETID in kernel
> > >
> > >
> > > I did deinstall and reinstall, and even checked the Config
> > > output to make sure it was answering the question "Do you
> > > want to enable SUID emulation"
> > > correctly, which it was.  So I am reasonably certain that the
> > > perl install is good.  Anyone know how to check it?  perl -V
> > > doesn't mention anything about it...
> > >
> > > There is no "suidperl" in this instance - openwebmail seems
> > > to want to use "speedy-suidperl", which exists, and by
> > > default seems to be setuid itself.  If I try to run this way
> > > I get the error message about the kernel.  If I take off the
> > > SUID bit openwebmail runs without privs, and cannot open its
> > > own log file.
> > >
> > > Sigh.
> > >
> > > j
> >
> >
> > ------ FreeBSD UK Users' Group  -  Mailing List ------
> > http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users
> >
> >
> >
> >
>
>
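
The two runs of /tmp/test.pl in this thread differ only in who owns the file: the setuid bit hands out the owner's uid, so the copy owned by jeff stayed jeff and the copy owned by root got euid 0. The script below is an added example, not part of the original messages; its function names are hypothetical, and it only inspects the mode bits, the owner and the #! line, so it can audit a script before anyone runs it.

```shell
#!/bin/sh
# Added example (not from the thread): report the uid a setuid script
# would run as, using only POSIX tools (same on FreeBSD and Linux).

# Numeric owner uid of a file: third field of `ls -ln`.
owner_uid() {
    ls -lnd -- "$1" | awk '{print $3}'
}

# Interpreter path taken from the script's #! line (empty if none).
shebang_of() {
    sed -n '1s/^#![[:space:]]*\([^[:space:]]*\).*/\1/p' "$1"
}

# Print one verdict line for a script:
#   no-setuid       bit not set, the script runs as the caller
#   setuid uid=N    bit set, euid becomes N, the file's owner
# followed by whether the #! interpreter is itself a setuid binary.
audit_suid_script() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    interp=$(shebang_of "$f")
    if [ -u "$f" ]; then
        verdict="setuid uid=$(owner_uid "$f")"
    else
        verdict="no-setuid"
    fi
    if [ -n "$interp" ] && [ -u "$interp" ]; then
        wrapper="interp-setuid"
    else
        wrapper="interp-plain"
    fi
    echo "$verdict $wrapper $interp"
}

# Constructed sample mirroring /tmp/test.pl from the thread; the
# interpreter path does not have to exist for the audit to run.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '#!/usr/local/bin/speedy_suidperl\n\nexec id\n' > "$d/test.pl"
    chmod 755 "$d/test.pl"
    echo "$d/test.pl"
}

# Command-line use: sh audit.sh /path/to/script ...
if [ $# -gt 0 ]; then
    for f in "$@"; do audit_suid_script "$f" || :; done
fi
```

A result of "setuid uid=0 interp-setuid" corresponds to the working case at the top of this message; "setuid uid=1001" is the earlier, non-functional one.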



