Re: [cobalt-users] Does the RaQ XTR support suid perl?
- Subject: Re: [cobalt-users] Does the RaQ XTR support suid perl?
- From: josh <josh@xxxxxxxxxxxxxxxxxx>
- Date: Wed May 29 14:25:00 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
I have started borrowing the wrapsuid.pl script which came with
OpenWebmail package for the RaQ XTR to work around the problem. I am a
little apprehensive because I don't follow everything it does, but it
does make suid perl programs, with suid bit turned on, executable. I'm
still not sure if it is really executing them as the desired user. I
would like to test it more thoroughly, though since it is from
PkgMaster.com to start with, it is easier to assume that they tested
it thoroughly.
On Wed, May 29, 2002 at 12:50:46PM -0700, Bruce Timberlake wrote:
> josh wrote:
> >
> > It is on when the system comes up. The RT FAQ mentioned this as a
> > possibility because it is not uncommon to leave the suidperl with the
> > bit turned off so that users will at least ask themselves why before
> > they turn it on. As far as I can tell the RaQ XTR -- but not earlier
> > -- comes with an suidperl that does not work as expected.
> > "chmod u+s suidperl" won't make it work.
>
> Did some more digging on the web. Apparently, ext2 is a nosuid
I believe ext2 is the standard linux file system and that the suidperl
program was itself a wrapper that worked its way around this.
> filesystem and that might have something to do with it
> (http://lists.debian.org/debian-devel/1999/debian-devel-199902/msg00295.html)
>
> http://www.perldoc.com/perl5.6.1/pod/perlsec.html also says that in Perl
> < 5.6.1, suidperl could introduce security holes. But using Perl 5.6.1,
> if compiled with "-DSETUID_SCRIPTS_ARE_SECURE_NOW" it will work..
It would be nice if the default install of Perl were 5.6.1 but for now
I'm seeing if I can get by with 5.00503 as that's what's installed. I
upgraded once by accident and found that it really would take so much
effort that I should wait for Sun to upgrade. It would be nice if I
could figure out how to use CPAN to get older versions of perl
modules.
>
> A few other pages I've seen say that you might be able to tinker with
> the mount parameters for the various partitions, but now you're
> venturing WAY outside what's supported, etc...
I see no signs of "what's supported" mattering. I'm supporting the RaQ
myself; it wouldn't come close to doing what I want if I didn't alter
the set up extensively. All my paperwork says if the hardware fails
they'll replace it. That does remind me that I should change the motd
messages, though.
--
Josh Kuperman
josh@xxxxxxxxxxxxxxxxxx