Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!ukc!pyrltd!jimmy
From: jimmy@pyrltd.UUCP (Jimmy Aitken)
Newsgroups: comp.lang.perl
Subject: perl scripts run whilst root
Message-ID: <1731@pyrltd.UUCP>
Date: 21 Feb 90 10:46:28 GMT
Reply-To: jimmy@pyrltd.UUCP (Jimmy Aitken)
Organization: Pyramid Technology Ltd, Farnborough, ENGLAND
Lines: 38

According to the manual, there are certain checks done when running a
setuid perl script to check whether or not operations are safe or not.
I've run into problems with this when running perl scripts when I've
su-ed to root. The scripts aren't setuid, but complain none the less.

For example, the 'rename' script below tells me about 'Insecure PATH'
at line 4. If I set the PATH explicitly, it then complains thus:

Insecure dependency in eval at ./ren line 8, <_GEN_0> line 33;

If I run this as me, everything works fine.

I was wondering if there could be a flag added to allow 'tainted'
variables and insecure dependencies and paths to be 'ignored' so that
things like the above could work. I know that this could be dangerous,
in that it could become the default and people use it when they can't
be bothered to work out a secure script. Other than that, can anyone
tell me how to get the program to work when I'm root?

-----
#!/usr/local/bin/perl
$_=($subst = shift);
$ENV{'PATH'}="/bin:/usr/bin";
@ARGV = <*> if $#ARGV < 0;
foreach $name (@ARGV) {
    $_ = $name;
    eval "$subst;";
    die $@ if $@;
    rename($name,$_) unless ($name eq $_);
}
-----

Jimmy
--
       -m-------   Jimmy Aitken                 ...!mcvax!ukc!pyrltd!jimmy
     ---mmm-----   Pyramid Technology Ltd       jimmy@pyra.co.uk
   -----mmmmm---   Pyramid House, Solartron Rd  jimmy@pyramid.pyramid.com
 -------mmmmmmm-   Hants GU14 7PL, ENGLAND      (+44) 252 373035
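
Added example, not part of the original post and not the poster's script: the two diagnostics quoted above, handled under Perl 5 taint mode by fixing the environment and by replacing the eval of a command-line string with a validated s/from/to/ spec, which narrows what the rename tool accepts. It assumes a modern Perl 5 run with -T rather than the 1990 Perl the post concerns; parse_spec, new_name and the sample file names are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example for Perl 5 taint mode; not the poster's script.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Perl 5 turns taint mode on by itself when real and effective IDs differ.
printf "ruid=%d euid=%d taint=%d\n", $<, $>, ${^TAINT};

# "Insecure PATH": set a fixed PATH and drop other variables the shell honours.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Accept only a literal s/from/to/ spec (assumed, restricted syntax).
# The regex captures are what produce untainted copies of the data.
sub parse_spec {
    my ($spec) = @_;
    return unless defined $spec
        && $spec =~ m{\A s/ ([A-Za-z0-9._-]+) / ([A-Za-z0-9._-]*) / \z}x;
    return ($1, $2);
}

# Apply the substitution without eval; 'from' is matched as a literal string.
sub new_name {
    my ($name, $from, $to) = @_;
    (my $new = $name) =~ s/\Q$from\E/$to/;
    return $new;
}

# Constructed sample input: a default spec and a stand-in directory listing.
my $spec  = @ARGV ? $ARGV[0] : 's/.txt/.bak/';
my @names = ('notes.txt', 'report.txt', 'README');

my ($from, $to) = parse_spec($spec)
    or die "refusing spec '$spec': expected s/from/to/ using [A-Za-z0-9._-]\n";

printf "spec tainted=%d, captured parts tainted=%d\n",
    tainted($spec) ? 1 : 0, tainted($from) ? 1 : 0;

for my $name (@names) {
    my $new = new_name($name, $from, $to);
    # Dry run: a real tool would call rename($name, $new) here.
    print "$name -> $new\n" unless $new eq $name;
}
```

Run it as `perl -T` with a spec argument to see the argument reported as tainted and the captured parts as untainted.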