Sorry for the delay in summarizing my findings, but I was away on training for
the last week.
Thanks to the following people for leading me in the right direction:
Luis Pablo Perez <firstname.lastname@example.org>
Steve Harris <email@example.com>
Stephen Harris <firstname.lastname@example.org>
Craig Raskin <email@example.com>
JON WRIGHT <Jon.Wright@awtpl.com.au>
Anthony David <firstname.lastname@example.org>
"Carsten B. Knudsen" <email@example.com>
My C wrapper was the problem. It needed to call setuid(0) and seteuid(0) before
exec'ing my script. Here is the corrected C wrapper:
/* program: update
   purpose: C program wrapper that calls ksh update.sh script */
#define REAL_H2N "/usr/local/dns/update.sh"
The above code sans the corrections is almost word-for-word out of the Perl book
I have (O'Reilly's Advanced Perl Programming). Funny, they didn't mention the
setuid/seteuid function calls! Many people mentioned correcting the Perl code so
that when it runs in "taint" mode it doesn't spit all over itself. I was able to
add a secure environment but I was never able to open files for write properly.
Of course, I got my pointers from the same Perl book mentioned above. Oh well.
------------- Begin Forwarded Message -------------
Date: Fri, 13 Aug 1999 16:17:54 -0400 (EDT)
From: "David W. Blaine" <firstname.lastname@example.org>
Subject: HELP! setuid c wrapper
I am not sure if this is a proper forum for this question but here goes. I have
a ksh script for DNS updates which calls some perl code (h2n). Since this script
needs to run with root privilege, I wrote a C wrapper that is setuid to call
it. I get the following:
Executing update.sh on Fri Aug 13 16:08:18 EDT 1999:
Backing up old hosts table
Copying hosts table changes into production
Running h2n on new hosts table
Insecure dependency in open while running setuid at /usr/local/bin/h2n line 465.
ERROR encountered during h2n processing!
Perl is complaining about running setuid, but I thought the C wrapper would take
care of that (at least that's what the docs tell me). Here are the permissions I
ls -al update*
-rwsr-xr-- 1 root 23720 Aug 13 16:04 update
-rw-r--r-- 1 root 228 Aug 13 16:03 update.c
-r-xr-xr-- 1 root 4320 Aug 12 13:59 update.sh
-r-xr-xr-- 1 root 20476 Aug 4 16:42 h2n
The system it runs on is running Solaris 2.5.1.
David Blaine (email@example.com)
Computer Systems Engineer
CSC for GDLS
------------- End Forwarded Message -------------
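
An added example, not the poster's wrapper (most of which did not survive in this archive) and not the book's code: a minimal setuid-root wrapper in C that makes the setuid(0)/seteuid(0) calls described in the summary and execs the script with a fixed environment and no caller-supplied arguments. REAL_H2N is the path from the post; the environment values and the helper names clean_env_get and become_root are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REAL_H2N "/usr/local/dns/update.sh"   /* script path from the post */

/* Fixed environment handed to the script; nothing is inherited from the
   invoking user. The values are assumptions for this example. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/usr/sbin:/bin",
    "IFS= \t\n",
    "SHELL=/bin/sh",
    NULL
};

/* Returns the value of NAME in clean_env, or NULL if it is not set there. */
const char *clean_env_get(const char *name)
{
    size_t n = strlen(name);
    for (int i = 0; clean_env[i] != NULL; i++)
        if (strncmp(clean_env[i], name, n) == 0 && clean_env[i][n] == '=')
            return clean_env[i] + n + 1;
    return NULL;
}

/* Make the real uid match the effective uid (root). Perl enables its taint
   checks when the two differ, which is the "while running setuid" message in
   the question. Once they match, Perl no longer does that checking, so the
   wrapper has to supply the clean environment itself.
   Returns 0 on success, -1 on failure. */
int become_root(void)
{
    if (setuid(0) != 0 || seteuid(0) != 0)
        return -1;
    return (getuid() == 0 && geteuid() == 0) ? 0 : -1;
}

int main(void)
{
    char *const args[] = { "update.sh", NULL };   /* fixed argv, nothing from the caller */

    if (become_root() != 0) {
        fprintf(stderr, "update: cannot become root\n");
        return 1;
    }
    execve(REAL_H2N, args, clean_env);
    perror("update: exec failed");   /* reached only if execve() fails */
    return 1;
}
```

The wrapper only has the intended effect when installed owned by root with the setuid bit set, as in the `ls -al` listing in the question.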
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:25 CDT