Path: utzoo!attcan!uunet!decwrl!elroy.jpl.nasa.gov!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: comp.lang.perl
Subject: Re: Setuid/setgid scripts
Message-ID: <7557@jpl-devvax.JPL.NASA.GOV>
Date: 26 Mar 90 23:15:02 GMT
References: <1395@frankland-river.aaii.oz.au>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA
Lines: 42

In article <1395@frankland-river.aaii.oz.au> pem@frankland-river.aaii.oz.au (Paul E. Maisano) writes:
: 
: I am trying to run a perl script setgid but have had some problems.
: 
: I am running perl under SUNOS 4.0, so scripts are insecure.
: Perl reminded me of this loudly after I made the script setgid.
: 
: I don't know how to disable setuid/setgid scripts in the kernel (but
: would be interested in finding out). Also I don't have the undump program
: handy. So I decided I would simply put a setgid C wrapper around the script.
: Something like:
:     main(ac, av)
:     char **av;
:     {
: 	execv("/usr/local/bin/script", av);
:     }
: 
: I tried this without changing the mode of the wrapper to be setgid. It ran
: ok but without access to the files I needed, as expected.
: As soon as I made the wrapper setgid, perl started dumping core.

This is odd, because I just ran a setgid script here with no problem.  The
script says

	#!/usr/bin/perl
	print "$(\n$)\n";

I wrapped it with a wrapper very much like the one above, and it works fine.
I run it and it says

	20 35 10 3 0 20
	25 35 10 3 0 20

I'm running it under SunOS 4.0.3.

: It stopped dumping core after I added the following line before the execv.
:     setrgid(getegid());

I don't need that here, as you can tell by the values above.  BTW, I didn't
compile with DOSUID, if that makes any difference.

Larry