[perl #71532] Unfortunate error message for setuid case
From: Dan Collins via RT
Date: July 25, 2016 15:59
Subject: [perl #71532] Unfortunate error message for setuid case
Message ID: rt-4.0.18-16139-1469462371-1963.71532-15-0@perl.org
On Wed Dec 30 19:36:49 2009, jesse wrote:
> Robin,
>
> Thanks for filing this bug. As you likely know, suidperl has been
> removed from the upcoming Perl 5.12 and the Perl 5.10 release series is
> in the "mature and stable" part of its lifecycle. It's _relatively_
> unlikely that this is going to be fixed in a 5.10.2. The report is
> still appreciated, though.
>
>
> Best,
> Jesse
Because this bug is not present in 5.12 and later, and 5.10 is now out of support, I'm closing this ticket.
> On Mon 21.Dec'09 at 16:07:03 -0800, rlpowell@chain.digitalkingdom.org
> (via RT) wrote:
> > # New Ticket Created by rlpowell@chain.digitalkingdom.org
> > # Please include the string: [perl #71532]
> > # in the subject line of all future correspondence about this issue.
> > # <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=71532 >
> >
> >
> >
> > This is a bug report for perl from rlpowell@chain.digitalkingdom.org,
> > generated with the help of perlbug 1.39 running under perl 5.10.1.
> >
> >
> > -----------------------------------------------------------------
> > [Please describe your issue here]
> >
> > On Debian, with perl-suid installed, and setuid on in the OS and so
> > on, the following weirdness occurs:
> >
> > ------------
> > pinfu:/tmp# cat test.pl
> > #!/usr/bin/perl
> >
> > print "runnig\n";
> > if( $ARGV[0] ) { print "calling: ".qx{/tmp/test.pl}."\n"; }
> > pinfu:/tmp# chown nobody test.pl
> > pinfu:/tmp# chmod a+x,u+s test.pl
> > pinfu:/tmp# ./test.pl 1
> > runnig
> > YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
> > FIX YOUR KERNEL, OR PUT A C WRAPPER AROUND THIS SCRIPT!
> > calling:
> > pinfu:/tmp# ./test.pl
> > runnig
> > pinfu:/tmp#
> > ------------
> >
> > If, however, you add this line:
> >
> > $< = $>; # set real to effective uid
> >
> > before the qx{...} line, everything works fine.
> >
> > It would be nice to fix this, but since it's probably not possible,
> > here's my suggested change to the error message:
> >
> > --------
> > PERL REFUSING TO RUN IN SETUID MODE!
> >
> > See the "Security Bugs" section of "man perlsec" for the exact
> > problem that Perl is trying to work around (and refusing to work
> > around in this case).
> >
> > What's happened here is that Perl has detected that it is being run
> > with an effective uid different from its real uid. This is what
> > happens when the OS does the setuid part before calling Perl to run
> > your script. In that case, you need to do one of two things:
> >
> > 1. Tell your kernel to stop actually running setuid for scripts.
> >
> > 2. Recompile Perl with -DSETUID_SCRIPTS_ARE_SECURE_NOW per "man
> > perlsec".
> >
> > The other possibility is that the calling program has left the
> > effective uid and the real uid mismatched; this happens when a
> > correctly-running setuid Perl script calls another, for example. If
> > the caller of the Perl script emitting this error is itself a Perl
> > script, adding this line before the call:
> >
> > $< = $>; # set real to effective uid
> >
> > will make them equal and solve the problem. If it's not a Perl
> > script, you'll need to figure out how to get it to make the
> > effective uid and real uid match.
> > --------
> >
> > -Robin
> >
> >
> >
> > [Please do not change anything below this line]
> > -----------------------------------------------------------------
> > ---
> > Flags:
> > category=core
> > severity=low
> > ---
> > Site configuration information for perl 5.10.1:
> >
> > Configured by Debian Project at Sat Nov 21 19:18:01 UTC 2009.
> >
> > Summary of my perl5 (revision 5 version 10 subversion 1)
> > configuration:
> >
> > Platform:
> > osname=linux, osvers=2.6.31-1-amd64, archname=x86_64-linux-gnu-
> > thread-multi
> > uname='linux madeleine 2.6.31-1-amd64 #1 smp mon nov 16 04:44:38
> > utc 2009 x86_64 gnulinux '
> > config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN
> > -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr
> > -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10
> > -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5
> > -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local
> > -Dsitelib=/usr/local/share/perl/5.10.1
> > -Dsitearch=/usr/local/lib/perl/5.10.1 -Dman1dir=/usr/share/man/man1
> > -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1
> > -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl
> > -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio
> > -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib
> > -Dlibperl=libperl.so.5.10.1 -Dd_dosuid -des'
> > hint=recommended, useposix=true, d_sigaction=define
> > useithreads=define, usemultiplicity=define
> > useperlio=define, d_sfio=undef, uselargefiles=define,
> > usesocks=undef
> > use64bitint=define, use64bitall=define, uselongdouble=undef
> > usemymalloc=n, bincompat5005=undef
> > Compiler:
> > cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-
> > aliasing -pipe -fstack-protector -I/usr/local/include
> > -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
> > optimize='-O2 -g',
> > cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing
> > -pipe -fstack-protector -I/usr/local/include'
> > ccversion='', gccversion='4.3.4', gccosandvers=''
> > intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
> > d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
> > ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
> > lseeksize=8
> > alignbytes=8, prototype=define
> > Linker and Libraries:
> > ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
> > libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
> > libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
> > perllibs=-ldl -lm -lpthread -lc -lcrypt
> > libc=/lib/libc-2.10.1.so, so=so, useshrplib=true,
> > libperl=libperl.so.5.10.1
> > gnulibc_version='2.10.1'
> > Dynamic Linking:
> > dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
> > cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib
> > -fstack-protector'
> >
> > Locally applied patches:
> >
> >
> > ---
> > @INC for perl 5.10.1:
> > /etc/perl
> > /usr/local/lib/perl/5.10.1
> > /usr/local/share/perl/5.10.1
> > /usr/lib/perl5
> > /usr/share/perl5
> > /usr/lib/perl/5.10
> > /usr/share/perl/5.10
> > /usr/local/lib/site_perl
> > .
> >
> > ---
> > Environment for perl 5.10.1:
> > HOME=/home/rlpowell
> > LANG=en_US.UTF-8
> > LANGUAGE (unset)
> > LD_LIBRARY_PATH (unset)
> > LOGDIR (unset)
> > PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/home/rlpowell/bin:/var/lib/gems/1.8/bin/:.
> > PERL_BADLANG (unset)
> > SHELL=/usr/bin/zsh
> >
--
Respectfully,
Dan Collins
---
via perlbug: queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=71532
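
The warning quoted in the report fires when the kernel itself honours the set-id bit on a `#!` script. As an added example (not part of the original thread and not Perl's own code), this audit lists regular files under a directory that have the setuid or setgid bit and begin with `#!`, so they can be replaced by a compiled wrapper or have the bit removed; the function names `classify` and `scan` are hypothetical.

```python
import os
import stat
import sys

SETID = stat.S_ISUID | stat.S_ISGID

def classify(mode, head):
    """Return a finding dict if mode/head describe a set-id '#!' script, else None."""
    if not stat.S_ISREG(mode) or not (mode & SETID):
        return None
    if not head.startswith(b"#!"):
        return None  # set-id native binaries are out of scope for this check
    bits = [name for flag, name in ((stat.S_ISUID, "setuid"),
                                    (stat.S_ISGID, "setgid")) if mode & flag]
    # The first token after "#!" on the first line is the interpreter path.
    first_line = head[2:].split(b"\n", 1)[0].strip()
    interp = first_line.split()[0].decode("utf-8", "replace") if first_line else ""
    return {"bits": bits, "interpreter": interp}

def scan(root):
    """Walk root and return one finding per set-id script, sorted by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
                if not stat.S_ISREG(st.st_mode) or not (st.st_mode & SETID):
                    continue  # only open the few files that carry a set-id bit
                with open(path, "rb") as fh:
                    head = fh.read(256)
            except OSError:
                continue  # unreadable or vanished file: skip it
            hit = classify(st.st_mode, head)
            if hit:
                hit.update(path=path, owner_uid=st.st_uid)
                findings.append(hit)
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s uid=%d %s %s" % ("+".join(f["bits"]), f["owner_uid"],
                                   f["interpreter"], f["path"]))
```
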