Re: Problems with rc.subr and suid script

From: Frode Nordahl (frode_at_nordahl.net)
Date: 10/29/04

Next message: MSN Hotmail: "Mail Delivery System (msn_newsletters@hotmail.com)"

Previous message: Chuck Swiger: "Re: Problems with rc.subr and suid script"
In reply to: Eric W. Bates: "Problems with rc.subr and suid script"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Fri, 29 Oct 2004 09:31:38 +0200
To: "Eric W. Bates" <ericx_lists@vineyard.net>

On Oct 28, 2004, at 21:51, Eric W. Bates wrote:

> I've written a CGI which is calling /usr/local/rc.d/squid.sh in an
> attempt to start/stop the proxy. Stopping works fine; however,
> whenever I try to start it I'm having permissions problems.
>
> It seems as tho rc.subr is using RUID instead of EUID.
>
> The CGI is written in perl.

Try to set the real uid then:
$< = $>;

$UID = $EUID;

$REAL_USER_ID = $EFFECTIVE_USER_ID;

(ref perlvar manpage)

shesh. Perl is crazy :-D

Also, suidperl is paranoid about environment etc, so make sure you set
up a safe $ENV{PATH} etc. And of course, try to run the script from
commandline as an unprivileged user and look for errors and warnings.

Mvh,
Frode

> Thanks.
>
> --
> Eric Bates
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

Next message: MSN Hotmail: "Mail Delivery System (msn_newsletters@hotmail.com)"

Previous message: Chuck Swiger: "Re: Problems with rc.subr and suid script"
In reply to: Eric W. Bates: "Problems with rc.subr and suid script"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]