I'm using suidperl to run some programs that require root permissions. However, the runtime linker won't expand library paths which contain $ORIGIN entries, so the programs I want to run (jstack from Java) won't run.
There is one exception to the advice to make heavy use of $ORIGIN. The runtime linker will not expand tokens like $ORIGIN for secure (setuid) applications. This should not be a problem in the vast majority of cases.
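My program looks something like this:
#!/usr/bin/perl
use strict;
use warnings;

# Fixed PATH and JAVA_HOME for the child process.
$ENV{PATH} = "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/java/jdk1.6.0_12/bin:/root/bin";
$ENV{JAVA_HOME} = "/usr/java/jdk1.6.0_12";

# Read the target PID from the pid file.
open(my $fh, '<', '/var/run/kil.pid') or die "cannot open pid file: $!";
my $pid = <$fh>;
close($fh);
$pid = '' unless defined $pid;
chomp($pid);

# Untaint the value: accept only leading digits.
if ($pid =~ /^(\d+)/) {
    $pid = $1;
} else {
    die 'nopid';
}

# List form of system() runs jstack directly, without a shell.
system("/usr/java/jdk1.6.0_12/bin/jstack", $pid);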
Is there any way to fork off a child process in a way so that the linker will work correctly?
-
Instead of using setuidperl, consider using sudo to start your script?
sudo -u <targetuser> /path/to/not-setuid-script
If the goal is to let users run this w/ elevated permissions, you may need to write a bounce script that executes a "-helper" version of your script.
Jason : Also, I just happened to be reading the release notes for Perl 5.12 after posting this: http://search.cpan.org/~jesse/perl-5.12.0/pod/perl5120delta.pod#Deprecations setuidperl is considered deprecated @ this point.
From Jason
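An added example, not part of the original question or answer: a shell check that lists the RPATH/RUNPATH entries of a binary that depend on $ORIGIN and reports whether they would go unexpanded for a given pair of real and effective UIDs. The function names and the `readelf -d` sample are constructed; it assumes Linux/glibc, where an exec with differing real and effective UID (the suidperl case) runs in secure mode, while sudo starts the command with both set to the target user.

```shell
#!/bin/sh
# Constructed sample in the format printed by `readelf -d <binary>`.
SAMPLE=' 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]
 0x000000000000000f (RPATH)    Library rpath: [$ORIGIN/../lib/amd64/jli:$ORIGIN/../jre/lib/amd64/jli]
 0x000000000000001d (RUNPATH)  Library runpath: [/opt/app/lib:${ORIGIN}/plugins]'

# origin_entries: read `readelf -d` text on stdin and print, one per line,
# every RPATH/RUNPATH entry that relies on $ORIGIN or ${ORIGIN}.
origin_entries() {
    sed -n -E 's/^.*\((RPATH|RUNPATH)\).*\[(.*)\].*$/\2/p' |
        tr ':' '\n' |
        grep -E '\$\{?ORIGIN\}?' || true
}

# will_break RUID EUID: read `readelf -d` text on stdin.
# Returns 0 and prints the affected entries when the binary depends on
# $ORIGIN and would be exec'd with real UID != effective UID
# (assumption: that is when the linker skips token expansion).
# Returns 1 when the search path is unaffected.
will_break() {
    entries=$(origin_entries)
    [ -n "$entries" ] || return 1      # no $ORIGIN entries at all
    [ "$1" != "$2" ] || return 1       # real == effective: tokens expand
    printf '%s\n' "$entries"
}

# Demo: caller UID 1000 with effective UID 0 (setuid script), then
# the same binary with both UIDs 0 (as when started through sudo).
if printf '%s\n' "$SAMPLE" | will_break 1000 0 >/dev/null; then
    echo "setuid context: \$ORIGIN entries will not be expanded"
fi
if ! printf '%s\n' "$SAMPLE" | will_break 0 0 >/dev/null; then
    echo "real == effective: search path works as built"
fi
```

Against a real binary, pipe `readelf -d /path/to/binary` into `will_break "$(id -ru)" "$(id -u)"`.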