Re^2: Is it possible to modify __DATA__ via the DATA file handle or otherwise?

Sorry for this dumb question, but I was wondering what/why the first line (die ...) is used (for).

Comment on Re^2: Is it possible to modify __DATA__ via the DATA file handle or otherwise? Download Code

Replies are listed 'Best First'.
Re^3: Is it possible to modify __DATA__ via the DATA file handle or otherwise? by ikegami (Patriarch) on Feb 17, 2018 at 00:14 UTC
setuid allows a user to execute a script as the script's owner. I believe it can be attacked as follows: Create a symbolic link to the setuid script. Execute the setuid script via that symbolic link. Immediately replace the symbolic link with a file. If you get the timing right, the setuid script will read and write the data from your file instead of from the script file. The script trusts the data since it expects to be the only one able to change it, but you actually have full access to the data. As a variation of the above, the attack could also replace the volume on which the script resides by unmounting it and mounting a new one.	[reply]

Replies are listed 'Best First'.

setuid allows a user to execute a script as the script's owner.

I believe it can be attacked as follows:

Create a symbolic link to the setuid script.
Execute the setuid script via that symbolic link.
Immediately replace the symbolic link with a file.
If you get the timing right, the setuid script will read and write the data from your file instead of from the script file. The script trusts the data since it expects to be the only one able to change it, but you actually have full access to the data.

As a variation of the above, the attack could also replace the volume on which the script resides by unmounting it and mounting a new one.