[thelist] Perl script as root

Chris Ditty CDitty at email.usps.gov
Thu Feb 14 10:43:01 CST 2002


     I am trying to run it from the command line.  Basically, I am using
     the system() command to call ipchains.  The only error that I am
     getting is "ipchains (must be root to run this program)".

     Chris


______________________________ Reply Separator _________________________________
Subject: Re: [thelist] Perl script as root
Author:  thelist-admin at lists.evolt.org at INTERNET
Date:    2/14/2002 10:45 AM


Most UNIX operating systems won't let you do this on scripts.  There's
a race condition in the kernel for setuid script execution which is a
security hole.

Are you trying to run your program from the command line?  What are
the errors that you are getting?  You should probably use taintperl as
well, use -T flag, so that Perl will warn of possible security
problems.

Dean


David Gray writes:

> You have to turn on the setuid bit of your script so that it runs as the
> user it's owned by. You can do this using this syntax (the file has to
> be executable):
>
> chmod +s script.pl
>
> If you'd like to check what user your script is running as before you
> try the setuid stuff, you can check $< (real uid) and $> (effective uid)
> within your program.
>
> HTH,
>
>  -dave
>
>
> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org] On Behalf Of CDitty
> Sent: Wednesday, February 13, 2002 10:07 PM
> To: thelist at lists.evolt.org
> Subject: [thelist] Perl script as root
>
>
> Hello all,
>
> I wrote a little perl script that catches the ip addresses for people
> trying to access formmail.pl  on my site.  The script is supposed to add
> the ip to the firewall blocking them from accessing my site in the
> future.  Problem is, ipchains needs to be run by root.  I have given the
> script root permissions, but it still won't work right.  Does anyone
> know how to make a script run as root?
>
> Thanks
>
> Chris
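
The taint-mode advice above, applied to the ipchains call discussed in this thread. This is an added example, not code from any poster; the /sbin/ipchains path, the DENY rule on the input chain, and the --dry-run switch are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: taint-safe wrapper that blocks one IPv4 address with ipchains.
use strict;
use warnings;

# Under -T, Perl refuses to run external programs until PATH is set to a
# known value and the shell-influencing variables are removed.
$ENV{PATH} = '/sbin:/usr/sbin:/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $IPCHAINS = '/sbin/ipchains';    # assumed install location
my $OCTET    = qr/(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])/;

# Return an untainted dotted quad, or nothing if the input is not exactly
# one IPv4 address (no leading zeros, no trailing newline, no extra text).
sub untaint_ipv4 {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A($OCTET(?:\.$OCTET){3})\z/;    # capture is untainted
    return;
}

# Build the argument list for the blocking rule (assumed rule form).
sub block_args {
    my ($ip) = @_;
    return ($IPCHAINS, '-A', 'input', '-s', $ip, '-j', 'DENY');
}

sub main {
    my ($raw, $mode) = @_;
    my $ip = untaint_ipv4($raw);
    die "refusing to act on invalid address\n" unless defined $ip;
    my @cmd = block_args($ip);
    if (defined $mode && $mode eq '--dry-run') {    # hypothetical switch
        print "@cmd\n";
        return 0;
    }
    # $< is the real uid, $> the effective uid; ipchains requires root.
    die 'must run as root (real uid ' . $< . ', effective uid ' . $> . ")\n"
        unless $> == 0;
    # List-form system() never passes the address through a shell.
    system(@cmd) == 0 or die "ipchains failed, status $?\n";
    return 0;
}

exit main(@ARGV) unless caller;
```

Because -T is on the #! line, run the file directly or as `perl -T file IP --dry-run`; plain `perl file` is rejected by Perl.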