Friday, January 14, 2011

Setuid not working on Solaris

I have a Perl script marked setuid, but when I run it, it says I don't have permission to do so. I am running Solaris 10. This works on another system but I can't tell what's different. What am I doing wrong?

$ ls -l
total 16
-r-sr-x---   1 root     root        7354 Apr 19  2008 myscript
$ ./myscript
./myscript: Permission denied.
  • Hmm, answers to this question suggest that on more modern systems I can only setuid on programs, not on shell scripts. Probably the other system is actually a binary,

    TRS-80 : Perl isn't a shell script, and has its own mechanisms for running suid safely. In this case the first problem is permissions as mdpc says.
  • I have to ask... The program is owned by root with group root. The user running the program is apparently not root (no # as the command prompt), but is the user in group "root"?

    The quick fix would seem to be for this specific case:

     chmod o+rx myscript
    
    David Pashley : +1 this does look like a likely reason.
    From mdpc
  • While I suspect mdpc's answer is the correct one and that you need to change permissions for "other", there is a handy technique you can use for making scripts run as other users. What you need to do is create a very simple C program that takes argv[0], appends something like ".real" and then execs that string. You then move your script from foo.pl to foo.pl.real and move your compiled binary to foo.pl and setuid that binary. Now when you run foo.pl, you'll be running foo.pl.real as the user you want.

    As with any setuid program, you want to make sure that you're not causing a security problem. You should sanitise argv[0] to make sure that it's the program you think you should be running or there's a chance of someone symlinking to the binary and getting permissions they shouldn't.
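
The wrapper this answer describes, written out as an added example (it is not the poster's code). Instead of appending ".real" to whatever argv[0] contains, it keeps only the basename, checks it against an allow-list, and builds the path from a fixed directory; `TARGET_DIR` and the `ALLOWED` entries are assumptions made for illustration.

```c
/* Added example: setuid wrapper that execs "<name>.real" from a fixed directory.
 * TARGET_DIR and ALLOWED[] are hypothetical values chosen for illustration. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TARGET_DIR "/opt/tools/bin"   /* assumption: root-owned, not writable by others */
static const char *const ALLOWED[] = { "foo.pl", NULL };  /* assumption: wrapped scripts */

/* Build the path to exec from an untrusted argv[0].
 * Only the basename is considered, and only if it is on the allow-list, so a
 * symlink or a caller-supplied argv[0] cannot point the wrapper elsewhere.
 * Returns 0 and fills out on success, -1 on rejection. */
int resolve_target(const char *argv0, char *out, size_t outlen)
{
    if (argv0 == NULL || out == NULL)
        return -1;
    const char *slash = strrchr(argv0, '/');
    const char *base = slash ? slash + 1 : argv0;
    for (size_t i = 0; ALLOWED[i] != NULL; i++) {
        if (strcmp(base, ALLOWED[i]) == 0) {
            int n = snprintf(out, outlen, "%s/%s.real", TARGET_DIR, ALLOWED[i]);
            return (n > 0 && (size_t)n < outlen) ? 0 : -1;  /* reject truncation */
        }
    }
    return -1;
}

int main(int argc, char *argv[])
{
    char path[256];
    /* Fixed environment: nothing inherited from the caller reaches the script. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };

    if (argc < 1 || resolve_target(argv[0], path, sizeof path) != 0) {
        fputs("wrapper: refusing to run under this name\n", stderr);
        return 1;
    }
    argv[0] = path;            /* the script sees its real path, not caller input */
    execve(path, argv, envp);  /* only returns on failure */
    perror("wrapper: execve");
    return 127;
}
```

The directory holding the `.real` scripts has to be writable only by the target user, otherwise the allow-list check protects nothing.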

  • mdpc's answer is most likely correct, but note that perl runs differently when it is run setuid.

    Amongst other things, it automatically turns on perl's taint mode to force you to sanitise your input and args before using them. It is also very fussy about PATH and other environment variables that can be abused to compromise a system.

    See perlsec(1) for more details (Note: on some systems, including Debian, the perl docs are available as man pages. On other systems, almost certainly including Solaris 10, you'll have to run "perldoc perlsec" rather than "man perlsec").

  • Run the groups command to list the groups that you are a member of. You must be a member of the root group on the system that you're trying to run myscript.

    Check the mount options for the filesystem that the script resides on. There is a nosuid option that can be used to allow or disallow setuid or setgid execution.

    mount|grep rchuck
    /home/rchuck on homedir.mydomain.com:/export/home4/03/rchuck remote/read/write/nosetuid/nodevices/intr/retrans=10/retry=3/xattr/dev=59ca539 on Wed Jul 22 07:41:23 2009

    From Randall
