in reply to Modern and Robust Module for privilege separation Linux

Thanks for your reply, bliako.

I think I found a possible solution using just sudo.

Have a Perl program and make it executable (chmod +x).

In sudo, whitelist that program and nothing else. I tested it and it works,

because inside the program there is the location of the perl binary in the hashbang (sh-bang).

In the case of https://security.stackexchange.com/questions/219989/sudo-white-list-just-program-perl you have to whitelist the perl binary and the program.

So inside the Perl program you can set taint mode, ops, Safe.

That means having a helper or wrapper Perl program (this has all the privileges of sudo, because this works by whitelisting a single program); inside the program you have to parameterise all the commands, like a dispatch table.

Related to hashbang or sh-bang security, I read of a case where perl would redirect to another interpreter:

The change to hashbang redirection introduced in Perl 5.24.0, whereby perl would redirect to another interpreter (Perl 6) if it found a hashbang path which contains "perl" followed by "6"

source: https://perldoc.pl/perl5241delta

Is this solution good?

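The wrapper described in the post above (one sudo-whitelisted Perl program, taint mode, a dispatch table instead of free-form commands), written out as an added example that is not the poster's code. The script path `/usr/local/sbin/svcctl.pl`, the user `alice`, the sudoers line, the `restart`/`status`/`logs` actions and the service names `nginx` and `postgresql` are all assumed for illustration; the systemctl and journalctl paths are the usual ones on systemd hosts but should be checked locally.

```perl
#!/usr/bin/perl -T
# svcctl.pl: hypothetical sudo-whitelisted wrapper (added example, not from the post).
# Assumed sudoers line, entered with visudo:
#   alice ALL=(root) NOPASSWD: /usr/local/sbin/svcctl.pl
# sudo only decides whether this one path may run; everything else is decided below.
use strict;
use warnings;

# Taint mode (-T) refuses to hand tainted data to system(), and that includes
# the inherited environment, so scrub it before any external command runs.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Dispatch table: the only actions this wrapper will ever perform.
# Each entry is a code ref that receives an already-validated service name and
# runs the command in list form, so no shell ever parses the arguments.
my %actions = (
    restart => sub { system('/bin/systemctl', 'restart', "$_[0].service") == 0 },
    status  => sub { system('/bin/systemctl', 'status',  "$_[0].service") == 0 },
    logs    => sub { system('/bin/journalctl', '-u', "$_[0].service", '-n', '50') == 0 },
);

# Services this wrapper may touch (assumed list); the name is the only free parameter.
my %allowed_service = map { $_ => 1 } qw(nginx postgresql);

# Validate and untaint a service name. A regex capture is the only way taint
# mode lets data become trusted, so the pattern is deliberately strict and the
# result is still checked against the allow-list afterwards.
sub untaint_service {
    my ($raw) = @_;
    return unless defined $raw;
    my ($name) = $raw =~ /\A([a-z][a-z0-9_-]{0,31})\z/;
    return unless defined $name && $allowed_service{$name};
    return $name;
}

sub usage {
    print STDERR "usage: $0 <" . join('|', sort keys %actions) . "> <service>\n";
    exit 64;    # EX_USAGE
}

my ($action, $raw_service) = @ARGV;
usage() unless defined $action && exists $actions{$action};    # only listed verbs
my $service = untaint_service($raw_service) or usage();         # only listed services

# Audit trail: sudo already logs the invocation; the wrapper logs what it ran.
print STDERR 'svcctl: user=' . ($ENV{SUDO_USER} // 'unknown')
    . " action=$action service=$service\n";

exit($actions{$action}->($service) ? 0 : 1);
```

Invoked as `sudo /usr/local/sbin/svcctl.pl restart nginx`, the kernel reads the hashbang and executes `/usr/bin/perl -T /usr/local/sbin/svcctl.pl ...`, so the `-T` switch is honoured without anyone being able to add flags of their own; any action or service name outside the two tables exits with a usage error before a single external command runs.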