suid, PAR:pp and disabling taint checks: pick any two of them

azara has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks,

I have a script that runs fine on a Windows platform. The script is distributed to a number of users in binary form by means of PAR:pp.

Now the script has been ported to Linux, where it also runs well, but with one caveat: it requires root privileges in order to perform its tasks (which involve monitoring of network interfaces).

Now users shouldn't be required to work under uid 0, so the natural solution is to make the script (or better, its pp'ed binary counterpart) suid root.

This, in turn, enables taint checks - and the script does not pass them...

I understand that the "clean" solution would be to make the script safe. However

the script is used on systems where every user has root access
and reviewing about 50 KLOC for securing a script on a system where everyone has root access anyway doesn't look like a rewarding activity.

So what I'm looking for is a way to disable taint checks on a pp'ed binary that's suid root.

I figure that passing "-UX" to 'perl' would do the job, but I did not find a way to pass those options to a pp'ed binary. Is there any?

Would there by any other way to disable taint checks?

Comment on suid, PAR:pp and disabling taint checks: pick any two of them

Replies are listed 'Best First'.
Re: suid, PAR:pp and disabling taint checks: pick any two of them by jethro (Monsignor) on Oct 28, 2010 at 17:24 UTC
Create a non-root user. Set the group of your network devices to the group of this user (you might even get away with using the group 'root' for this user, makes things easier). Set the network devices to be group-writable. Use the script as this user (might even work to make the script suid to this user, but that could fire up taint checking too). Or: Just use a group which you give to all your users (i.e. add all your users to the last column of this group in /etc/group). Users have to do 'newgrp <that group>' once in their shell and then can use the network devices if they have the same group. In that case everyone can use their non-root account and the script doesn't need suid since the user has the right to the devices anyway	[reply]
Re^2: suid, PAR:pp and disabling taint checks: pick any two of them by azara (Initiate) on Oct 28, 2010 at 20:51 UTC
Thanks for that suggestion. I'd be happy to try that, but my impression is that I can not work around becoming root. The application uses Net::Pcap for packet capturing, and according to wireshark.org: Running Wireshark (or any other network capture/analyzer, for that matter) on Linux needs root privileges	[reply]
Re^3: suid, PAR:pp and disabling taint checks: pick any two of them by Anonymous Monk on Oct 29, 2010 at 12:43 UTC
Extract the part of the code that needs root privileges into a separate process. Make that taint-safe. Hopefully that's not very many lines but for sure it definitely isn't 50KLOC.	[reply]
Re^4: suid, PAR:pp and disabling taint checks: pick any two of them by azara (Initiate) on Oct 29, 2010 at 13:39 UTC