Thenothing has asked for the wisdom of the Perl Monks concerning the following question:

Dear brothers, I will try my very best to do this right

Here we go: last week I was looking for an alternative to sudo

https://www.sudo.ws/other.html

Why? Because of this:

https://security.stackexchange.com/questions/219989/sudo-white-list-just-program-perl

For Python I found

https://github.com/openstack/oslo.privsep
OpenStack’s privilege mechanism has evolved over time from simple sudoers file to rootwrap. The rootwrap security policy revolves around whitelisting particular command lines via the configuration of various “filters”. Configuring these correctly are hard, because the filters have limited expressiveness, command line tools typically weren’t expected to be the privilege boundary, and the “context” of the original operation has already been lost at this level.

Generating command lines and parsing textual output from tools is slow and susceptible to inconsistencies across tool versions, since typically this output was not designed as a programmatic API.

This spec proposes a new privilege mechanism that is based around python function calls rather than command lines

OpenStack library for privilege separation

This library helps applications perform actions which require more or less privileges than they were started with in a safe, easy to code and easy to use manner.

In a similar way to rootwrap-daemon, privsep runs two processes - one with and one without privileges. The privileged process is as minimal as possible, and is written to assume it is possibly under attack by the unprivileged process.

To limit the impact of a potential exploit, this spec proposes the privileged process support the use of Linux capabilities to allow the process to drop broad root (uid=0) superpowers but keep a limited subset

So my question: do you know of a Perl program or C library like this Python library?

If none exists I will try this approach: see the post by Nominal Animal

https://stackoverflow.com/questions/13040644/setuid-equivalent-for-non-root-users

What do you think about this approach?

Replies are listed 'Best First'.
Re: Modern and Robust Module for privilege separation Linux
by bliako (Abbot) on Oct 30, 2019 at 21:17 UTC

    I get a very vague idea of what you are trying to tell us you want to achieve: Do you want a webservice to run a perl script as root using sudo without granting, through that webservice, root privileges to the perl interpreter so that it can run any other program as root too?

    If that's what you want, then how about embedding perl and hardcoding your perl script within a C program and granting that program the root privilege. In other words you have created an executable which contains a perl interpreter BUT will interpret only the script you hardcode in the C program and nothing else. At least that's the idea -- I am not an expert on security though.

    Here is an example C program (skeleton for it is at: perlembed) -- WARNING: to demonstrate root privilege passed on to perl's system(), this program touches the file 'xyz' in current dir, possibly as root if you sudo it:

    // cc -o embed_example embed_example.c `perl -MExtUtils::Embed -e ccopts -e ldopts`
    #include <EXTERN.h>
    #include <perl.h>

    static PerlInterpreter *my_perl;

    int main (int argc, char **argv, char **env)
    {
        char *embedding[] = { "", "-e", "0", NULL };
        PERL_SYS_INIT3(&argc,&argv,&env);
        my_perl = perl_alloc();
        perl_construct( my_perl );
        perl_parse(my_perl, NULL, 3, embedding, NULL);
        PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
        perl_run(my_perl);
        eval_pv(
            // here is the mock script:
            "my $a = 12; print \"a=$a\n\";"
            "system('touch xyz; ls -al xyz');"
            "print 'iam: '.(getpwuid $<).\"\n\";"
            , TRUE
        );
        perl_destruct(my_perl);
        perl_free(my_perl);
        PERL_SYS_TERM();
    }

    In my OSX, sudo'ing the above executable will create file xyz with root as owner. Replace mock script with your own perl script.

    Edit: I changed the mock script to show uid

    bw, bliako

Re: Modern and Robust Module for privilege separation Linux
by Thenothing (Sexton) on Nov 13, 2019 at 00:13 UTC

    Thanks for your reply bliako

    I think I found a possible solution using just sudo

    Have a Perl program and make it executable with chmod +x

    In sudo, whitelist that program and nothing else. I tested it and it works

    because inside the program is the location of the perl binary (hashbang or sh-bang)

    In the case of https://security.stackexchange.com/questions/219989/sudo-white-list-just-program-perl you have to whitelist the perl binary and the program

    So inside the Perl program you can set Taint mode, ops, Safe

    That means having a helper or wrapper Perl program (this has all the privileges of sudo, because this works by whitelisting a single program); inside the program you have to parameterise all the commands, like a dispatch table.

    Related to hashbang or sh-bang security, I read about a case where perl would redirect to another interpreter:

    The change to hashbang redirection introduced in Perl 5.24.0, whereby perl would redirect to another interpreter (Perl 6) if it found a hashbang path which contains "perl" followed by "6"

    source: https://perldoc.pl/perl5241delta

    Is this solution good?
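
The sudo-whitelisted helper with taint mode and a dispatch table, as described in the post above, could be written as follows. This is an added example, not code from the thread; the sudoers entry, install path, action names, unit names and command paths are all assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): the single program named in sudoers.
# Hypothetical sudoers entry:  appuser ALL=(root) NOPASSWD: /usr/local/sbin/priv-helper
# sudo permits any arguments for that path, so all validation happens here.
# The file must be owned by root and not writable by the calling user.
use strict;
use warnings;

# Taint mode refuses to run commands while PATH and related variables are
# inherited from the caller: pin PATH and drop the others.
$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Dispatch table: action name => argument check + fixed command template.
# check() returns the regex capture, which is how Perl untaints a value.
# Action names, unit names and paths are illustrative assumptions.
my %ACTIONS = (
    'restart-service' => {
        check => sub { $_[0] =~ /\A(nginx|postfix)\z/ ? $1 : undef },
        argv  => sub { ('/usr/bin/systemctl', 'restart', "$_[0].service") },
    },
    'show-log' => {
        check => sub { $_[0] =~ /\A([a-z0-9_-]{1,32})\z/ ? $1 : undef },
        argv  => sub { ('/usr/bin/tail', '-n', '50', "/var/log/myapp/$_[0].log") },
    },
);

# Returns the argv list for a permitted request, or an empty list otherwise.
sub build_command {
    my ($action, @args) = @_;
    return unless defined $action && exists $ACTIONS{$action};
    return unless @args == 1;                 # exactly one parameter per action
    my $clean = $ACTIONS{$action}{check}->($args[0]);
    return unless defined $clean;             # rejected: nothing is executed
    return $ACTIONS{$action}{argv}->($clean);
}

my @cmd = build_command(@ARGV);
unless (@cmd) {
    print STDERR "usage: $0 <", join('|', sort keys %ACTIONS), "> <name>\n";
    exit 64;
}

# List-form exec with an explicit program: no shell ever parses the arguments.
exec { $cmd[0] } @cmd or die "exec $cmd[0] failed: $!\n";
```

Because `-T` is on the hashbang line, perl refuses to run the file if it is started as `perl priv-helper` without `-T`, so taint checking cannot be skipped by invoking the interpreter directly.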