Front page | perl.perl5.porters |
Postings from August 2009
On Mon, Aug 17, 2009 at 11:40:43AM -0700, sstrickroth@gym-oha.de (via RT) wrote:
> [apache@proxy /tmp]$ id
> uid=48(apache) gid=48(apache) groups=16(nagcmd),48(apache)
> [apache@proxy /tmp]$ cat bug.pl
> #!/usr/bin/perl
> use File::Copy;
> print copy("/usr/www/cgi-bin/daten/newsanzeiger/Projekttag.jpg","/tmp/1")."\n";
> system("cat /usr/www/cgi-bin/daten/newsanzeiger/Projekttag.jpg");
> [apache@proxy /tmp]$ mount
> //fileserver/newsanzeiger on /usr/www/cgi-bin/daten/newsanzeiger type cifs (ro,mand,noexec,nosuid,nodev)
> [apache@proxy /tmp]$ ls -las /usr/www/cgi-bin/daten/newsanzeiger/Projekttag.jpg
> 68 -rwxrwx--- 1 root apache 63913 Aug 17 14:58 /usr/www/cgi-bin/daten/newsanzeiger/Projekttag.jpg
> [apache@proxy /tmp]$ head /usr/www/cgi-bin/daten/newsanzeiger/Projekttag.jpg
> ÿØÿàJFIFÿÛC
> $.' ",#(7),01444'9=82<.342ÿÛC
> 2!!22222222222222222222222222222222222222222222222222ÿÐÀ"ÿÄÄÿÚ
> å\]Lªå°2ÇÚ¹"ÒI<°2ÀË,»U$R
> 񒫪,
> ...
> [apache@proxy /tmp]$ ./bug.pl
> 1
This indicates the call to copy() was successful.
Is the output file the correct size and content?
> cat: /usr/www/cgi-bin/daten/newsanzeiger/Projekttag.jpg: Permission denied
But cat failed.
> [apache@proxy /tmp]$
>
> User/group apache has the rights to open that file, but with perl: no.
I do wonder if bug.pl is setuid, but copy succeeding and cat failing
seems contradictory anyway.
--
Tony
Thread Previous