Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!elroy.jpl.nasa.gov!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: comp.lang.perl
Subject: Re: setuid problems when using suidscript
Message-ID: <11684@jpl-devvax.JPL.NASA.GOV>
Date: 5 Mar 91 18:38:52 GMT
References: <395@camdev.comm.mot.com?>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA
Lines: 32

In article <395@camdev.comm.mot.com?> mmuegel@mot.com (Michael S. Muegel) writes:
: Probably yet another rookie question from a new Perl user, but here goes. I
: was trying to use suidscript from Ch6 of the book to make a C wrapper so
: a script of mine can run suid root without using suidperl.
: 
: Here is what I did:
: 
:    + the script has #!/usr/local/bin/perl
:    + changed the mode so that it is setuid root (had to do this to get
:      suidscript to do anything)
:    + ran suidscript with the full pathname of the Perl script

That's the way.

: When I run the wrapper I get this:
: 
:    Can't run setuid script with taint checks.
: 
: Can anyone explain this? Basically I DO NOT want to use taintperl so
: I thought that by using a C wrapper I could get around this. 

You DO SO want to use taintperl.  ESPECIALLY on a script running setuid root.

The error message indicates that ordinary perl couldn't exec taintperl for
some reason, such as non-existence.  You need to make sure taintperl is
installed correctly.

Not using taintperl on setuid scripts is silly, considering that taintperl
rarely gets in your way except when it's saving your bacon.  When taintperl
tells you there's an insecure dependency, you'd better take it seriously.

Larry