如何在Debian Wheezy中启用suidperl? [英] How to enable suidperl in Debian wheezy?

问题描述

我有一个Perl脚本，该脚本由root拥有并具有setuid.

I have a Perl script which is owned by root and have setuid.

在此脚本中，我正在更改作为参数传递的文件的所有者.

In this script I am changing the owner of a file passed as argument.

但是在运行此脚本时，我得到了

But on running this script I am getting

chown: changing ownership of `file': Operation not permitted

有人告诉我默认情况下，带有setuid的脚本与suidperl一起运行.

Someone told me script with setuid run with suidperl by default if it is enable.

但是我不认为这种情况正在发生.

But I don't think so that is happening in my case.

有人可以在这件事上帮助我吗?我正在使用Debian Wheezy.我的Perl版本是5.14.2.我尝试过

Can anyone help me in this matter? I am using Debian wheezy. My Perl version is 5.14.2. I tried

apt-get install perl-suid

但是没有用.

apt-cache search perl

在Perl中没有与suid相关的候选人.

gave me no candidate related to suid in Perl.

这是我的Perl程序

#! /usr/bin/perl -T

use Cwd 'abs_path';

sub check_path {
  my $file = $_[0];

  $file = abs_path($file);
  if ($file =~ /^\/home\/abc\/dir1\//) {
    return 1;
  }
  else {
    return 0;
    print("You can only update permissions for files inside /home/abc/dir1/ directory\n");
  }
}

if (@ARGV == 1) {
  if (&check_path($ARGV[0]) == 1) {
    $ENV{PATH} = "/bin:/usr/bin";
    my $command = "chown abc:abc " . $ARGV[0];
    if ($command =~ /^(.*)$/) {
      $command = $1;
    }

    $result = `$command`;
  }
}
elsif ((@ARGV == 2) && ($ARGV[0] eq "-R")) {
  if (&check_path($ARGV[1]) == 1) {
    $ENV{PATH} = "/bin:/usr/bin";
    my $command = "chown -R abc:abc " . $ARGV[1];
    if ($command =~ /^(.*)$/) {
      $command = $1;
    }
    $result = `$command`;
  }
}
else {
  print("Sorry wrong syntax. Syntax: perl /home/abc/sbin/update_permission.pl [-R] file_path");
}

推荐答案

对您来说可能为时已晚，但是我遇到了同样的问题，并使用了以下简单的C包装器(从

It's probably too late for you, but I had the same problem and used the following simple C wrapper (shamelessly taken from http://www.blyberg.net/downloads/suid-wrapper.c):

#include <unistd.h>
#include <errno.h>

main( int argc, char ** argv, char ** envp )
{
    if( setgid(getegid()) ) perror( "setgid" );
    if( setuid(geteuid()) ) perror( "setuid" );
    envp = 0; /* blocks IFS attack on non-bash shells */
    system( "/path/to/bash/script", argv, envp );
    perror( argv[0] );
    return errno;
}

将C代码中的路径替换为脚本路径，并使用编译

Replace the path in the C code with the path to your script, compile with

gcc -o suid-wrapper suid-wrapper.c

并使用

chmod 6755 suid-wrapper

suidperl不再是一个选项，它已在perl 5.12中被删除而无需替换(请参见perl5120delta，即

suidperl ist no longer an option, it has been removed without replacement in perl 5.12 (see perl5120delta, i.e. http://search.cpan.org/~shay/perl-5.20.2/pod/perl5120delta.pod).

这篇关于如何在Debian Wheezy中启用suidperl?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！