Re^3: suid, PAR:pp and disabling taint checks: pick any two of them

Extract the part of the code that needs root privileges into a separate process. Make that taint-safe. Hopefully that's not very many lines but for sure it definitely isn't 50KLOC.

Comment on Re^3: suid, PAR:pp and disabling taint checks: pick any two of them

Replies are listed 'Best First'.
Re^4: suid, PAR:pp and disabling taint checks: pick any two of them by azara (Initiate) on Oct 29, 2010 at 13:39 UTC
That's feasible, yes. Actually the packet capturing code is already located in a separate ithread (due to the script's Windows origins) - with ithread-specific communication via threads::shared etc. So that solution would require a re-design of the internal "IPC", extra code for managing the elevated process, and, worst of all - the script would no longer be portable... Any other ideas...? (I also opened a ticket on PAR::Packer - since a way to pass the standard "-UX" option to the Perl interpreter that's in a pp'ed binary would easily solve the problem... :-/ )	[reply]

Replies are listed 'Best First'.

Re^4: suid, PAR:pp and disabling taint checks: pick any two of them
by azara (Initiate) on Oct 29, 2010 at 13:39 UTC

That's feasible, yes. Actually the packet capturing code is already located in a separate ithread (due to the script's Windows origins) - with ithread-specific communication via threads::shared etc.

So that solution would require a re-design of the internal "IPC", extra code for managing the elevated process, and, worst of all - the script would no longer be portable...

Any other ideas...?

(I also opened a ticket on PAR::Packer - since a way to pass the standard "-UX" option to the Perl interpreter that's in a pp'ed binary would easily solve the problem... :-/ )

[reply]