in reply to Re: suid perl
in thread suid perl

Hi,

I finally got root access and was able to try running this program as different users, this allowed me to discover that the problem wasn't with the suid, it lay in the fact that i needed to set the shell to '/usr/bin/tcsh' for it to work.

However after taking your advice and writing the wrapper, i received the following error: 

# ./test
Content-Type: text/html; charset=ISO-8859-1
Insecure $ENV{PATH} while running setuid at ./test.pl line 12.

[download]

Line 12 of test.pl is:
open(LIST,"/usr/local/mailman/bin/list_members $listname|") || die "reason: $!";
Is this because i am passing an argument to the shell, can someone please point me in the right direction security wise on how i could fix this.

Thanks in advance

- Neil

Replies are listed 'Best First'.
Re: Re: Re: suid perl
by devslashneil (Friar) on Jun 20, 2003 at 02:47 UTC
    I'm sorry,
    I just realised that the link you posted on perlsec, Address's this issue.
    Please disregard the last post.
[reply]

In Section Seekers of Perl Wisdom