Path: utzoo!utgpu!watserv1!watmath!att!att!emory!wuarchive!sdd.hp.com!elroy.jpl.nasa.gov!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: comp.lang.perl
Subject: Re: suid perl
Keywords: suidperl scripts
Message-ID: <10082@jpl-devvax.JPL.NASA.GOV>
Date: 23 Oct 90 18:38:57 GMT
References: <1990Oct23.173005.470@cvedc.uucp>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA
Lines: 20

In article <1990Oct23.173005.470@cvedc.uucp> rob@cvedc.UUCP () writes:
: I hate to be ignorant but I am.  I have a need to run suid to change
: symbolic links in a file system to "create" the proper filesystem
: for testers and developers so that can select and run "development"
: software, "beta" software or "released" software.  My understanding
: is that if you compile a C program, make the C program suid owned
: by root, that should do the trick.  Well I did that with both the
: sun4 OS4.0.3 and sun3 OS4.0.1 systems and found that the sparc program
: works but the motorola code.  The complaint I get is:
: 
: Insecure PATH at ./sog line 3.
: 
: sog is the name of the perl script I am calling using the system call
: in the c program.  If I am doing somthing wrong, or if there is another
: way to do what I am after please let me know.

Just set $ENV{'PATH'} explicitly, so that you aren't relying on the PATH
the user supplied, which might let them run programs you didn't anticipate.

Larry