in reply to Need help getting rid of taint

Setuid/gid script is writable by world

If you do "ls -l path/name_of_your_script", you will probably see something like this at the beginning of the line of output from "ls":

rwxrwxrwx ...

The error message is telling you that the ability to modify or rewrite the content of your script is available to everyone who has a login account on your particular host (or network, if the "path/" to your script happens to be on a network-accessible disk volume).

That's a major no-no for any process that involves setuid. Use "chmod" to limit write access to owner-only (not group and not other).

While you're at it, you should limit write permission on the directory that contains the script file in question -- even when the file itself is "rwxr-xr-x", having group and/or other write permission on the directory it's in allows anyone to delete or rename the file, and thereafter, put in some other file with the same name. (I don't know whether taint checking complains about permissions on the directory -- in any case, you should be concerned about that.)

Re^2: Need help getting rid of taint
by whollycow (Initiate) on May 14, 2009 at 13:32 UTC
    OK. I understand the permission problem, but unfortunately I'm running this script on a cifs-mounted server share and the client doesn't pick up permissions properly. That is, my machine thinks the file has world read/write even though the server only allows r/w to the owner.

    So I guess my question ultimately is can I tell perl to ignore the ownership and just run the damn thing?

      Copy it elsewhere, fix the permission bits, run it. Otherwise perl won't let you, and for good. But you should really get that broken client/server setup fixed.
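
The permission checks and the "copy it elsewhere, fix the permission bits" workaround from this thread, as an added shell example that is not part of any post above. The function names and the destination directory are hypothetical; it uses only POSIX `find -perm` so it does not depend on GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the thread): audit write access on a script and on
# the directory that holds it, then stage an owner-writable-only local copy.

# Print the path if group or other has write permission on it.
loose_write() {
    find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print
}

# Return 0 only when neither the script nor its containing directory is
# writable by group or other. A writable directory lets anyone delete or
# rename the file and drop in another one under the same name.
audit_script() {
    script=$1
    dir=$(dirname -- "$script")
    status=0
    for p in "$script" "$dir"; do
        if [ -n "$(loose_write "$p")" ]; then
            echo "group/other writable: $p" >&2
            status=1
        fi
    done
    return $status
}

# Copy the script off the share into a local directory chosen by the caller
# (hypothetical path), limit write access to the owner, and re-audit.
# Prints the path of the staged copy on success.
stage_script() {
    src=$1
    destdir=$2
    mkdir -p -- "$destdir" || return 1
    chmod go-w "$destdir" || return 1
    dest=$destdir/$(basename -- "$src")
    cp -- "$src" "$dest" || return 1
    chmod u+rwx,go-w "$dest" || return 1   # rwxrwxrwx becomes rwxr-xr-x
    audit_script "$dest" && printf '%s\n' "$dest"
}
```

Ownership and the setuid/setgid mode of the staged copy are not set here; apply them as your deployment requires, then run `audit_script` again.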