in reply to Re: perl executes mode 0 argument passed script when called through sudo, security hole?
in thread perl executes mode 0 argument passed script when called through sudo, security hole?

Thank you for explaining this Dr Hyde. I know from what I have read, there are numerous ways to execute a script on a system which does not interpret the magic #! line. Your explanation does help to understand these incantations more clearer. I think understanding root can read mode 0 files is the main point. Otherwise, how would you access an nt file, which does not have permissions, after you mounted an ntfs?

For clarification I opened the mode 0 file passed as an argument to emacs whilst in sudo. Surely enough I could read, but not write, to the buffer. :smile

#!/usr/bin/perl -l
 
use warnings;
use strict;

my $var = 'hello world!';
print $var;
exit 0;

[download]

And while passing this script in with the -l option did not cause problems, placing a -T at the end of the she-bang line still made perl complain about the command line lacking the taint mode flag, naturally.

 perl -e 'chmod 10000' ./coyote_ears
  • Comment on Re^2: perl executes mode 0 argument passed script when called through sudo, security hole?
  • Select or Download Code

In Section Seekers of Perl Wisdom