mas has asked for the wisdom of the Perl Monks concerning the following question:

Hello monks,

I'm trying to write a suid script.

perldoc perlsec, and Erik Hensema in this node, both say that perl will automatically call suidperl if it detects that the script it's starting is setuid.

In my case, that doesn't seem to be happening. I've written a little test script (see my scratchpad). If I change its ownership to root and make it setuid, it should print:
UID: <my uid> EUID: 0

Right? But it doesn't. I get:
UID: <my uid> EUID: <my uid>

If I substitute /usr/bin/suidperl for /usr/bin/perl in the #! line, it does the right thing. But Erik Hensema (same node as above) says I shouldn't do that.

If I shouldn't do that, how do I get my script to do the right thing?

Thanking you.

Re: suidperl not working?
by virtualsue (Vicar) on May 22, 2002 at 12:40 UTC
    Please give us more info on your platform, Perl version, etc. I have no problem getting this to work as expected on my system (Sun/Solaris 2.8/Perl 5). Are you sure you did a chmod u+s script_name?
      Sure, no problem.

      I'm using Perl5.005_03 on RedHat 6.2 for x86.

      The test script is installed like this:
      $ ls -l test.pl
      -rwsr-xr-x 1 root root 101 May 22 12:38 test.pl
      I didn't build the Perl version on this system, and the person who did doesn't work here any more. Might this functionality have been disabled when Perl was compiled?

      Or any other suggestions, or any other information I can provide that might be helpful?

      Thanks again.
        Aha, I just looked at hints/linux.sh for my Perl 5.6.1 installation, and found the following statement:

        # No version of Linux supports setuid scripts.

        I tried it on a PC here running SuSE Linux, and it didn't work there either.
Re: suidperl not working?
by Nomad (Pilgrim) on May 23, 2002 at 22:51 UTC

    It's probably better practice anyway to have one script running under the uid you want to set to as a listener/server/daemon/whatever and have information passed to it by the script running under the original uid. Of course there is a multitude of ways you can do this. *nix is nice in that you can use fifos, but sockets are also fun :). On the other hand I suppose you could use files and perhaps Data::Dumper - the possibilities are endless.

    It's what I've been doing and it works fine.
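
A sketch of the listener arrangement described in the reply above, as an added example that is not code from the thread or from any poster: a listener that would run under the privileged uid accepts named requests over a Unix domain socket, checks the caller's uid as reported by the kernel, and only runs entries from a fixed table. The socket path, the uid allow-list and the request names are assumptions, and the demo forks so that one process plays both sides.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Socket path, uid allow-list and request
# names are assumptions; SO_PEERCRED is Linux-specific.
use strict;
use warnings;
use IO::Socket::UNIX;
use Socket qw(SOL_SOCKET SO_PEERCRED);
use File::Temp qw(tempdir);

my $path    = tempdir(CLEANUP => 1) . "/priv.sock";  # constructed path for the demo
my %allowed = map { $_ => 1 } ($<);                  # uids allowed to ask (demo: ourselves)
my %actions = (                                      # fixed table: callers pick a name, never code
    whoami => sub { sprintf "UID: %d EUID: %d", $<, $> },
    status => sub { "listener pid $$" },
);

umask 0077;  # demo: owner-only socket; in production grant a dedicated group instead
my $listener = IO::Socket::UNIX->new(Type => SOCK_STREAM, Local => $path, Listen => 5)
    or die "listen $path: $!";

my $pid = fork();
die "fork: $!" unless defined $pid;
if ($pid == 0) {                                     # child plays the unprivileged caller
    for my $req (qw(whoami reboot)) {
        my $c = IO::Socket::UNIX->new(Type => SOCK_STREAM, Peer => $path)
            or die "connect: $!";
        print $c "$req\n";
        my $answer = <$c> // "(no reply)\n";
        print "sent '$req', got: $answer";
    }
    exit 0;
}

for (1 .. 2) {                                       # parent plays the listener: two requests
    my $conn = $listener->accept or die "accept: $!";
    # The kernel fills in the peer's pid/uid/gid; the caller cannot forge them.
    my (undef, $peer_uid) = unpack "iII", $conn->getsockopt(SOL_SOCKET, SO_PEERCRED);
    my $req = <$conn> // '';
    chomp $req;
    my $reply = !$allowed{$peer_uid}       ? "DENIED uid $peer_uid"
              : $req !~ /\A[a-z_]{1,32}\z/ ? "BAD REQUEST"
              : !$actions{$req}            ? "UNKNOWN REQUEST"
              :                              "OK " . $actions{$req}->();
    print $conn "$reply\n";
    close $conn;
}
waitpid $pid, 0;
```

In a real deployment the listener half is started separately under the privileged uid and the allow-list names the callers' uids; no script needs the setuid bit.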