develooper Front page | perl.perl5.porters | Postings from July 2016

[perl #71532] Unfortunate error message for setuid case

From:
Dan Collins via RT
Date:
July 25, 2016 15:59
Subject:
[perl #71532] Unfortunate error message for setuid case
Message ID:
rt-4.0.18-16139-1469462371-1963.71532-15-0@perl.org
On Wed Dec 30 19:36:49 2009, jesse wrote:
> Robin,
> 
> Thanks for filing this bug. As you likely know, suidperl has been
>  removed from the upcoming Perl 5.12 and the Perl 5.10 release series
> is
> in the "mature and stable" part of its lifecycle.   It's _relatively_
> unlikely that this is going to be fixed in a 5.10.2.  The report is
> still appreciated, though.
> 
> 
> Best,
> Jesse

Because this bug is not present in 5.12 and later, and 5.10 is now out of support, I'm closing this ticket.
> On Mon 21.Dec'09 at 16:07:03 -0800, rlpowell@chain.digitalkingdom.org
> (via RT) wrote:
> > # New Ticket Created by  rlpowell@chain.digitalkingdom.org
> > # Please include the string:  [perl #71532]
> > # in the subject line of all future correspondence about this issue.
> > # <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=71532 >
> >
> >
> >
> > This is a bug report for perl from rlpowell@chain.digitalkingdom.org,
> > generated with the help of perlbug 1.39 running under perl 5.10.1.
> >
> >
> > -----------------------------------------------------------------
> > [Please describe your issue here]
> >
> > On Debian, with perl-suid installed, and setuid on in the OS and so
> > on, the following weirdness occurs:
> >
> > - ------------
> > pinfu:/tmp# cat test.pl
> > #!/usr/bin/perl
> >
> > print "runnig\n";
> > if( $ARGV[0] ) { print "calling: ".qx{/tmp/test.pl}."\n"; }
> > pinfu:/tmp# chown nobody test.pl
> > pinfu:/tmp# chmod a+x,u+s test.pl
> > pinfu:/tmp# ./test.pl 1
> > runnig
> > YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
> > FIX YOUR KERNEL, OR PUT A C WRAPPER AROUND THIS SCRIPT!
> > calling:
> > pinfu:/tmp# ./test.pl
> > runnig
> > pinfu:/tmp#
> > - ------------
> >
> > If, however, you add this line:
> >
> > $< = $>;            # set real to effective uid
> >
> > before the qx{...} line, everything works fine.
> >
> > It would be nice to fix this, but since it's probably not possible,
> > here's my suggested change to the error message:
> >
> > - --------
> > PERL REFUSING TO RUN IN SETUID MODE!
> >
> > See the "Security Bugs" section of "man perlsec" for the exact
> > problem that Perl is trying to work around (and refusing to work
> > around in this case).
> >
> > What's happened here is that Perl has detected that it is being run
> > with an effective uid different from its real uid.  This is what
> > happens when the OS does the setuid part before calling Perl to run
> > your script.  In that case, you need to do one of two things:
> >
> > 1.  Tell your kernel to stop actually running setuid for scripts.
> >
> > 2.  Recompile Perl with -DSETUID_SCRIPTS_ARE_SECURE_NOW per "man
> > perlsec".
> >
> > The other possibility is that the calling program has left the
> > effective uid and the real uid mismatched; this happens when a
> > correctly-running setuid Perl script calls another, for example.  If
> > the caller of the Perl script emitting this error is itself a Perl
> > script, adding this line before the call:
> >
> > $< = $>;            # set real to effective uid
> >
> > will make them equal and solve the problem.  If it's not a Perl
> > script, you'll need to figure out how to get it to make the
> > effective uid and real uid match.
> > - --------
> >
> > -Robin
> >
> >
> >
> > [Please do not change anything below this line]
> > -----------------------------------------------------------------
> > ---
> > Flags:
> >     category=core
> >     severity=low
> > ---
> > Site configuration information for perl 5.10.1:
> >
> > Configured by Debian Project at Sat Nov 21 19:18:01 UTC 2009.
> >
> > Summary of my perl5 (revision 5 version 10 subversion 1)
> > configuration:
> >
> > Platform:
> >   osname=linux, osvers=2.6.31-1-amd64, archname=x86_64-linux-gnu-
> > thread-multi
> >   uname='linux madeleine 2.6.31-1-amd64 #1 smp mon nov 16 04:44:38
> > utc 2009 x86_64 gnulinux '
> >   config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN
> > -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr
> > -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10
> > -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5
> > -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local
> > -Dsitelib=/usr/local/share/perl/5.10.1
> > -Dsitearch=/usr/local/lib/perl/5.10.1 -Dman1dir=/usr/share/man/man1
> > -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1
> > -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl
> > -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio
> > -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib
> > -Dlibperl=libperl.so.5.10.1 -Dd_dosuid -des'
> >   hint=recommended, useposix=true, d_sigaction=define
> >   useithreads=define, usemultiplicity=define
> >   useperlio=define, d_sfio=undef, uselargefiles=define,
> > usesocks=undef
> >   use64bitint=define, use64bitall=define, uselongdouble=undef
> >   usemymalloc=n, bincompat5005=undef
> > Compiler:
> >   cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-
> > aliasing -pipe -fstack-protector -I/usr/local/include
> > -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
> >   optimize='-O2 -g',
> >   cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing
> > -pipe -fstack-protector -I/usr/local/include'
> >   ccversion='', gccversion='4.3.4', gccosandvers=''
> >   intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
> >   d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
> >   ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
> > lseeksize=8
> >   alignbytes=8, prototype=define
> > Linker and Libraries:
> >   ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
> >   libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
> >   libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
> >   perllibs=-ldl -lm -lpthread -lc -lcrypt
> >   libc=/lib/libc-2.10.1.so, so=so, useshrplib=true,
> > libperl=libperl.so.5.10.1
> >   gnulibc_version='2.10.1'
> > Dynamic Linking:
> >   dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
> >   cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib
> > -fstack-protector'
> >
> > Locally applied patches:
> >
> >
> > ---
> > @INC for perl 5.10.1:
> >     /etc/perl
> >     /usr/local/lib/perl/5.10.1
> >     /usr/local/share/perl/5.10.1
> >     /usr/lib/perl5
> >     /usr/share/perl5
> >     /usr/lib/perl/5.10
> >     /usr/share/perl/5.10
> >     /usr/local/lib/site_perl
> >     .
> >
> > ---
> > Environment for perl 5.10.1:
> >     HOME=/home/rlpowell
> >     LANG=en_US.UTF-8
> >     LANGUAGE (unset)
> >     LD_LIBRARY_PATH (unset)
> >     LOGDIR (unset)
> >     PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/home/rlpowell/bin:/var/lib/gems/1.8/bin/:.
> >     PERL_BADLANG (unset)
> >     SHELL=/usr/bin/zsh
> >


-- 
Respectfully,
Dan Collins

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=71532



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About