Re: Are setuid #!/foo/bar scripts secure in Linux ?

H. Peter Anvin (hpa@transmeta.com)
19 Aug 1996 21:16:37 GMT


Followup to: <Pine.LNX.3.95.960813215022.7933C-100000@xarius.demon.co.uk>
By author: Darren J Moffat <darren@xarius.demon.co.uk>
In newsgroup: linux.dev.kernel
>
> Nice idea, but the way Perl does it is _very_, _very_ bad. I just spent 3
> days trying to get a script that works perfectly well non-setuid running
> when it is setuid (this is what prompted the original message). I had to
> rewrite nice clean code into hacky regexps with selections from them on
> the next line because of the way perl taints untrusted data.
>
> eg.
> In the non setuid version
> $device = $ARGV[0];
> In the setuid version
>
> $ARGV[0] =~ /(\S+)/;
> $device = $1;
>
>
> I know the regexps aren't complex but the setuid version is a major hack.
>
> In fact this belongs in a perl-advocacy list so I won't bring it up again.
>

Well, you *should* check that no one is trying to make you pass something
as a flag or the like; if you don't want to do it "manually", then
define a subroutine:

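sub launder {
    local($arg) = $_[0];    # first argument (scalar element, not the slice @_[0])
    # Accept only "-P" followed by word characters; $1 is the untainted capture.
    return undef unless $arg =~ /^-P(\w+)$/;    # no match: don't return a stale $1
    return $1;
}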

$device = &launder($ARGV[0]);

Then run taintperl directly if you want to debug nonsetuid.

-hpa
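
The laundering approach discussed in this thread, as an added example that is not part of the original posts: an allow-list check that fails closed and reports whether the result is still tainted. The name launder_device and the "/dev/<name>" policy are assumptions made for illustration.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical policy for this sketch: the argument must name a node
# directly under /dev. Returns an untainted path, or undef on mismatch.
sub launder_device {
    my ($arg) = @_;
    return undef unless defined $arg;
    # \A and \z anchor the whole string, so a leading "-" (which a later
    # command could read as a flag), a "../" component or a trailing
    # newline all fail to match.
    if ($arg =~ m{\A/dev/([A-Za-z][A-Za-z0-9]*)\z}) {
        return "/dev/$1";   # built from the capture, hence untainted
    }
    return undef;           # fail closed; never hand back a stale $1
}

# Constructed sample inputs, used when no arguments are given. Only values
# that arrive from outside (e.g. @ARGV) are tainted under -T.
my @inputs = @ARGV ? @ARGV
           : ('/dev/lp0', '-P/dev/lp0', '/dev/../etc/passwd', "/dev/lp0\n");

for my $raw (@inputs) {
    (my $shown = $raw) =~ s/\n/\\n/g;
    my $device = launder_device($raw);
    if (defined $device) {
        printf "%-22s accepted as %s (tainted: %s)\n",
            $shown, $device, tainted($device) ? 'yes' : 'no';
    } else {
        printf "%-22s rejected\n", $shown;
    }
}
```

Run it with perl -T and pass the values on the command line to see tainted input go in and an untainted path come out; the built-in samples are literals and are never tainted.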