Here is the question:
Hi!
I'm lookin for a way to create an telnet account where the shell will give
access to a program and as soon as the program terminate, it will close
the telnet access. What I have done so far, I create the script (let's
call it foo.pl) and I place an entry in my passwd table:
user:x:100:100:User Name:/home/user:/home/user/foo
Well it seems pretty simple but where things get complicated is when I say
that this script need to execute suid root....
I tried chmod +s foo.pl but when I log via telnet with user I get this
messages::
Insecure $ENV{PATH} while running setgid at /home/user/foo.pl line
155.
Connection closed by foreign host.
What should I do to make it work and also in what way can I make it
supersafe????/
Any help would be appreciated....
I will summarize...
And here is the summary:
Almost everybody told me to read the Camel book carefully.. (which I did,
thank you for the reminder ;-) ).
The two solutions are:
1. Use taintperl.
2. put the account with uid of 0 (root).
I used the second one only because I was short in time... but the first
one is much more interesting... I will certainly use it in the future...
So here is the answers:
From: Kevin Lyda <kevin@NDA.COM>
you need to read up on how perl deals with being setuid. look up
things like taint, etc. the camel book will point you the right way.
kevin
From: Richard Pieri <ratinox@unilab.dfci.harvard.edu>
You cannot do it. The kernel will strip the root UID when it executes
the scripts. The reason is that under certain circumstances a race
condition will develop, allowing nonpriviledged root access. The
solution is to write a C wrapper program, put the suid bit on that, and
make absolutely, positively certain that it can only access the one
script you want it to. And be extraordinarilly careful with your
script; one bug and almost anything can happen.
From: "Matt Hill" <MHILL@graver.com>
one solution would be to give that particular userid in the passwd
file a uid of 0. there are a lot of security issues involved in
this, but it's basically what you're trying to do anyway. foo.pl
will be called with root permissions. you have to make
_absolutely_sure_ that foo.pl is "safe" and that _any_ programs it
calls which do not need superuser permissions are called under a
non-privliged uid, such as nobody. for situations like this, i
usually would discourage the use of a script, because it's generally
harder to make it secure. you might want to use a C program instead.
From: Mitch Patenaude <mrp@northcoast.com>
Why not just make the uid of this account 0? Solves your problem...
provided you use /etc/shells properly (in Sol 2.x anyway).
I will refer you to the Camel book[*], Chapter 7, section 5. (pg 374
in my copy), which deals with taintperl and using suid scripts.
even if you change the UID and dont' need to make it setuid, it's
a good idea to follow the procedures outlined therein.
[*] "Programming Perl", by Larry Wall and Randal L. Schwartz,
(O'Reilly & Associates Inc.) ISBN: 0-937175-64-1
From: hu@garfield.m.isar.de (Martin Huber)
If any person loggin on to this account can do only one script, and this shall
run as root, why dont you use the root uid for this account?
user:x:0:1:dangerous-root-account:/home/user:/home/user/foo
From: "Steve Madden (Unix Systems Programmer)" <smadden@csu.EDU.AU>
Hi Richard,
At the start of the program put in these two lines;
$ENV{'PATH'} = '/bin:/usr/bin';
I hate to say it, but this is just your first error, you will get a few.
Get hold of a copy of Programming Perl (Larry Wall) and turn to page 375.
The perl script will not let you execute it until its happy that it is
secure.
To make it super safe, capture all SIGs and exit on each one and if you
like, hardcode a crypted password, so the user has to enter a password
to use the program (or feature of that program)
From: Anderson McCammont <and@morgan.com>
try suidperl
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:01 CDT