[thelist] Perl script as root
Chris Ditty
CDitty at email.usps.gov
Thu Feb 14 10:43:01 CST 2002
I am trying to run it from the command line. Basically, I am usign
the system() command to call ipchains. The only error that I am
getting is "ipchains (must be root to run this program)".
Chris
______________________________ Reply Separator _________________________________
Subject: Re: [thelist] Perl script as root
Author: thelist-admin at lists.evolt.org at INTERNET
Date: 2/14/2002 10:45 AM
Most UNIX operating systems won't let you do this on scripts. There's
a race condition in the kernel for setuid script execution which is a
security hole.
Are you trying to run your program from the command line? What are
the errors that you are getting? You should probably use taintperl as
well, use -T flag, so that Perl will warn of possible security
problems.
Dean
David Gray writes:
> You have to turn on the setuid bit of your script so that it runs as the
> user it's owned by. You can do this using this syntax (the file has to
> be executable):
>
> chmod +s script.pl
>
> If you'd like to check what user your script is running as before you
> try the setuid stuff, you can check $< (real uid) and $> (effective uid)
> within your program.
>
> HTH,
>
> -dave
>
>
> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org] On Behalf Of CDitty
> Sent: Wednesday, February 13, 2002 10:07 PM
> To: thelist at lists.evolt.org
> Subject: [thelist] Perl script as root
>
>
> Hello all,
>
> I wrote a little perl script that catches the ip addresses for people
> trying to access formmail.pl on my site. The script is supposed to add
> the ip to the firewall blocking them from accessing my site in the
> future. Problem is, ipchains needs to be run by root. I have given the
> script root permissions, but it still won't work right. Does anyone
> know how to make a script run as root?
>
> Thanks
>
> Chris
--
For unsubscribe and other options, including
the Tip Harvester and archive of thelist go to:
http://lists.evolt.org Workers of the Web, evolt !
More information about the thelist
mailing list