[Techtalk] sh/perl/setuid

Laurel Fan laurel at sdf.lonestar.org
Mon Jan 14 20:01:29 EST 2002

On Mon, Jan 14, 2002 at 06:23:16PM -0800, Nicole Zimmerman wrote:
> The perl script is the "shell" for a user that is going to be logging in
> to do these various useful things. The "shell" calls the setUID scripts
> when certain commands are entered (e.g. restartssh = "are you sure"
> confirm followed by system("sh $path_to_shell_script restart");).

I assume you're being very, very careful with those scripts, and that
no user you don't want to can get access to it, and that neither the
perl script nor the shell scripts accept any input from the user

Is that the actual system command you're using?  In that case I don't
believe the setuid bit on $path_to_shell_script is paid attention to,
because the OS considers sh to be the executable, not

There is another issue that bash sometimes silently drops root
privileges when it thinks it's running setuid.

Also, many systems, including Linux, do not allow setuid scripts.

The way to get around this is to write a really tiny setuid binary
that does 1 thing: executes the script (using the full path) with the
bare minimum environment necessary.

laurel at sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
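
A wrapper of the kind described in the message above, as an added example (not part of the original post and not the poster's code). The script path and the "status" action are hypothetical, and the wrapper is assumed to be installed setuid root.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SHELL  "/bin/sh"
#define SCRIPT "/usr/local/sbin/restart-service.sh"  /* hypothetical full path */

/* Fixed environment: nothing is inherited from the calling user. */
static char *const MIN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Only these literal actions ever reach the script ("status" is hypothetical). */
static const char *const ALLOWED[] = { "restart", "status", NULL };

/* Return the matching built-in string, or NULL if the argument is not allowed.
 * The caller's string itself is never passed on. */
const char *checked_action(const char *arg)
{
    if (arg == NULL)
        return NULL;
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strcmp(arg, ALLOWED[i]) == 0)
            return ALLOWED[i];
    return NULL;
}

int main(int argc, char **argv)
{
    const char *action = (argc == 2) ? checked_action(argv[1]) : NULL;
    if (action == NULL) {
        fprintf(stderr, "usage: wrapper restart|status\n");
        return 2;
    }
    /* Assumes setuid root: make the real IDs match the effective IDs so the
     * shell does not see a real/effective mismatch and drop privileges. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    /* Full paths only, no PATH lookup, no caller-supplied environment. */
    char *const args[] = { "sh", SCRIPT, (char *)action, NULL };
    execve(SHELL, args, MIN_ENV);
    perror("execve");  /* reached only if execve failed */
    return 1;
}
```

The script itself should be owned by root and not writable by anyone else, since whatever it contains runs with the wrapper's privileges.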
