Your script is running setuid - its effective user ID (root) is different from its real user ID (you). When this happens, perl turns on 'taint checking'. One thing this does is complain loudly when you did not set your PATH explicitly in your script - this is the
Insecure $ENV{PATH} while running setuid at ./au.pl line 15. message.
To get rid of this message, you need to set your path explicitly in your script, and set it so that no directory in that path is writable by others than its owner and group. The easiest way to do this is to simply clear PATH ($ENV{'PATH'}='';) and call all external commands with their full path specified. A quick example:
$ perl -Te 'system("/bin/echo", "Camels have fleas");'
Insecure $ENV{PATH} while running with -T switch at -e line 1.
$ perl -Te '$ENV{PATH}="";system("/bin/echo", "Camels have fleas");'
Camels have fleas
A couple of disclaimers with this code:
- It's not SUID perl, but uses the same tainting mechanism through the -T switch
- /bin/echo is not a good example (just a quick one) - as it is a shell built-in, so just echo would have worked as well.
For more information on this, see perlsec. This is required reading if you are going to be running Perl scripts SUID root.
CU
Robartes-
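The advice in the reply above, carried a step further as an added example (not part of the original post): a taint-mode script that pins PATH, clears the other environment variables perlsec names, reports PATH entries that are relative or writable by others, and untaints its argument before calling /bin/echo by full path. The `unsafe_path_dirs` helper, the chosen PATH value and the allow-list pattern are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Added example: environment setup for a script running setuid or under -T.
use strict;
use warnings;

# Fixed, minimal PATH (assumed value), plus removal of the other variables
# that perlsec lists as influencing a shell or child process.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: return PATH entries that are not absolute or that
# are writable by "others" (mode bit 0002).
sub unsafe_path_dirs {
    my @bad;
    for my $dir (split /:/, $ENV{PATH}) {
        my @st = stat $dir;
        if ($dir !~ m{\A/} || (@st && ($st[2] & 0002))) {
            push @bad, $dir;
        }
    }
    return @bad;
}

my @bad = unsafe_path_dirs();
die "Unsafe PATH entries: @bad\n" if @bad;

# Command-line data is tainted. It is passed on only after it matches an
# allow-list pattern; the capture group yields the untainted copy.
my $arg = @ARGV ? $ARGV[0] : 'Camels have fleas';
my ($clean) = $arg =~ /\A([\w .,-]{1,80})\z/
    or die "Refusing argument\n";

# List-form system with a full path: no shell and no PATH lookup involved.
system('/bin/echo', $clean) == 0
    or die "/bin/echo failed: $?\n";
```

Run it as an executable file or with `perl -T`, since the -T on the #! line must also be given on the command line when perl is invoked explicitly.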