Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No -e allowed in setuid scripts #676

Closed
p5pRT opened this issue Oct 4, 1999 · 2 comments
Closed

No -e allowed in setuid scripts #676

p5pRT opened this issue Oct 4, 1999 · 2 comments

Comments

@p5pRT
Copy link

p5pRT commented Oct 4, 1999

Migrated from rt.perl.org#1565 (status was 'resolved')

Searchable as RT1565$

@p5pRT
Copy link
Author

p5pRT commented Oct 4, 1999

From musta@eve.info.umoncton.ca

  The following code fragment extracts a user's group id and verifies
whether the user belongs to an authorized group to run the program.


($UserName) = getpwuid($<);
($GroupString) = $(;
@​Array_Of_GroupIDs = split (/ /, $GroupString);
$Counter = 0;
$Is_Authorized = 0;
while ($Array_Of_GroupIDs[$Counter] ne "") {
  if ($Array_Of_GroupIDs[$Counter] eq "55") {
  $Is_Authorized = 1;
  }
  $Counter++;
}
if ($Is_Authorized == 0) {
  print ("You are not authorized to run this program.\n");
  print ("This incident will be reported!\n");
}


Now when I compile the above (using "perlcc"), i get the following​:


% perlcc usergroup.p


Compiling usergroup.p​:


Making C(usergroup.p.c) for usergroup.p!
/usr/bin/perl -I/opt/local/lib/perl5/5.00502/sun4-solaris-thread
-I/opt/local/lib/perl5/5.00502
-I/opt/local/lib/perl5/site_perl/5.005/sun4-solaris-thread
-I/opt/local/lib/perl5/site_perl/5.005 -I. -MO=CC,-ousergroup.p.c usergroup.p
usergroup.p syntax OK
Compiling C(usergroup) for usergroup.p!
/usr/bin/perl -I/opt/local/lib/perl5/5.00502/sun4-solaris-thread
-I/opt/local/lib/perl5/5.00502
-I/opt/local/lib/perl5/site_perl/5.005/sun4-solaris-thread
-I/opt/local/lib/perl5/site_perl/5.005 -I. /tmp/usergroup.p.tst
cc -D_REENTRANT -I/opt/local/include -I/opt/gnu/include -O
-I/opt/local/lib/perl5/5.00502/sun4-solaris-thread/CORE
/opt/local/lib/perl5/5.00502/sun4-solaris-thread/auto/Fcntl/Fcntl.so -o
usergroup usergroup.p.c -L/opt/local/lib -L/opt/gnu/lib
-L/opt/local/lib/perl5/5.00502/sun4-solaris-thread/CORE -lperl -lsocket
-lnsl -ldl -lm -lposix4 -lpthread -lc -lcrypt
%


The compilation seems to have gone fine. However, when I "chown" the
binary to "root", then "chmod" it to "4755" (or -rwsr-xr-x), and try to
run it I get the following​:


% uname -rs
SunOS 5.6

% id
uid=1519(obeidm) gid=55(controls)

% ls -ls ./usergroup
1632 -rwsr-xr-x 1 root controls 837616 Sep 30 14​:46 ./usergroup

% file ./usergroup
./usergroup​: ELF 32-bit MSB executable SPARC Version 1, dynamically
  linked, not stripped

% ./usergroup
No -e allowed in setuid scripts.


But then, I get the following when I run the set-user-id script​:


% ls -ls ./usergroup.p
  2 -rwsr-xr-x 1 root controls 495 Oct 1 15​:18 ./usergroup.p

% file ./usergroup.p
./usergroup.p​: set-uid executable /opt/local/bin/perl script

% ./usergroup.p
You are not authorized to run this program.
This incident will be reported!


which is what it is supposed to be with the binary.

How come I get the above error message ("No -e allowed in setuid scripts")
when I run the set-user-id binary, while the set-user-id script runs fine?

I thought that might be a bug that should be reported to you. Oh, I'm
running version version 5.005_02.

Thanks!
-Mustapha

@p5pRT
Copy link
Author

p5pRT commented Oct 4, 1999

From [Unknown Contact. See original ticket]

Hello,

  The following code fragment extracts a user's group id and verifies
whether the user belongs to an authorized group to run the program.


($UserName) = getpwuid($<);
($GroupString) = $(;
@​Array_Of_GroupIDs = split (/ /, $GroupString);
$Counter = 0;
$Is_Authorized = 0;
while ($Array_Of_GroupIDs[$Counter] ne "") {
  if ($Array_Of_GroupIDs[$Counter] eq "55") {
  $Is_Authorized = 1;
  }
  $Counter++;
}
if ($Is_Authorized == 0) {
  print ("You are not authorized to run this program.\n");
  print ("This incident will be reported!\n");
}


Now when I compile the above (using "perlcc"), i get the following​:


% perlcc usergroup.p


Compiling usergroup.p​:


Making C(usergroup.p.c) for usergroup.p!
/usr/bin/perl -I/opt/local/lib/perl5/5.00502/sun4-solaris-thread
-I/opt/local/lib/perl5/5.00502
-I/opt/local/lib/perl5/site_perl/5.005/sun4-solaris-thread
-I/opt/local/lib/perl5/site_perl/5.005 -I. -MO=CC,-ousergroup.p.c usergroup.p
usergroup.p syntax OK
Compiling C(usergroup) for usergroup.p!
/usr/bin/perl -I/opt/local/lib/perl5/5.00502/sun4-solaris-thread
-I/opt/local/lib/perl5/5.00502
-I/opt/local/lib/perl5/site_perl/5.005/sun4-solaris-thread
-I/opt/local/lib/perl5/site_perl/5.005 -I. /tmp/usergroup.p.tst
cc -D_REENTRANT -I/opt/local/include -I/opt/gnu/include -O
-I/opt/local/lib/perl5/5.00502/sun4-solaris-thread/CORE
/opt/local/lib/perl5/5.00502/sun4-solaris-thread/auto/Fcntl/Fcntl.so -o
usergroup usergroup.p.c -L/opt/local/lib -L/opt/gnu/lib
-L/opt/local/lib/perl5/5.00502/sun4-solaris-thread/CORE -lperl -lsocket
-lnsl -ldl -lm -lposix4 -lpthread -lc -lcrypt
%


The compilation seems to have gone fine. However, when I "chown" the
binary to "root", then "chmod" it to "4755" (or -rwsr-xr-x), and try to
run it I get the following​:


% uname -rs
SunOS 5.6

% id
uid=1519(obeidm) gid=55(controls)

% ls -ls ./usergroup
1632 -rwsr-xr-x 1 root controls 837616 Sep 30 14​:46 ./usergroup

% file ./usergroup
./usergroup​: ELF 32-bit MSB executable SPARC Version 1, dynamically
  linked, not stripped

% ./usergroup
No -e allowed in setuid scripts.


But then, I get the following when I run the set-user-id script​:


% ls -ls ./usergroup.p
  2 -rwsr-xr-x 1 root controls 495 Oct 1 15​:18 ./usergroup.p

% file ./usergroup.p
./usergroup.p​: set-uid executable /opt/local/bin/perl script

% ./usergroup.p
You are not authorized to run this program.
This incident will be reported!


which is what it is supposed to be with the binary.

How come I get the above error message ("No -e allowed in setuid scripts")
when I run the set-user-id binary, while the set-user-id script runs fine?

I thought that might be a bug that should be reported to you. Oh, I'm
running version version 5.005_02.

Thanks!
-Mustapha

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant