如何在Debian Wheezy中启用suidperl? [英] How to enable suidperl in Debian wheezy?
问题描述
我有一个Perl脚本,该脚本由root拥有并具有setuid.
I have a Perl script which is owned by root and have setuid.
在此脚本中,我正在更改作为参数传递的文件的所有者.
In this script I am changing the owner of a file passed as argument.
但是在运行此脚本时,我得到了
But on running this script I am getting
chown: changing ownership of `file': Operation not permitted
有人告诉我默认情况下,带有setuid的脚本与suidperl一起运行.
Someone told me script with setuid run with suidperl by default if it is enable.
但是我不认为这种情况正在发生.
But I don't think so that is happening in my case.
有人可以在这件事上帮助我吗?我正在使用Debian Wheezy.我的Perl版本是5.14.2.我尝试过
Can anyone help me in this matter? I am using Debian wheezy. My Perl version is 5.14.2. I tried
apt-get install perl-suid
但是没有用.
apt-cache search perl
在Perl中没有与suid相关的候选人.
gave me no candidate related to suid in Perl.
这是我的Perl程序
#! /usr/bin/perl -T
use Cwd 'abs_path';
sub check_path {
my $file = $_[0];
$file = abs_path($file);
if ($file =~ /^\/home\/abc\/dir1\//) {
return 1;
}
else {
return 0;
print("You can only update permissions for files inside /home/abc/dir1/ directory\n");
}
}
if (@ARGV == 1) {
if (&check_path($ARGV[0]) == 1) {
$ENV{PATH} = "/bin:/usr/bin";
my $command = "chown abc:abc " . $ARGV[0];
if ($command =~ /^(.*)$/) {
$command = $1;
}
$result = `$command`;
}
}
elsif ((@ARGV == 2) && ($ARGV[0] eq "-R")) {
if (&check_path($ARGV[1]) == 1) {
$ENV{PATH} = "/bin:/usr/bin";
my $command = "chown -R abc:abc " . $ARGV[1];
if ($command =~ /^(.*)$/) {
$command = $1;
}
$result = `$command`;
}
}
else {
print("Sorry wrong syntax. Syntax: perl /home/abc/sbin/update_permission.pl [-R] file_path");
}
推荐答案
对您来说可能为时已晚,但是我遇到了同样的问题,并使用了以下简单的C包装器(从
It's probably too late for you, but I had the same problem and used the following simple C wrapper (shamelessly taken from http://www.blyberg.net/downloads/suid-wrapper.c):
#include <unistd.h>
#include <errno.h>
main( int argc, char ** argv, char ** envp )
{
if( setgid(getegid()) ) perror( "setgid" );
if( setuid(geteuid()) ) perror( "setuid" );
envp = 0; /* blocks IFS attack on non-bash shells */
system( "/path/to/bash/script", argv, envp );
perror( argv[0] );
return errno;
}
将C代码中的路径替换为脚本路径,并使用编译
Replace the path in the C code with the path to your script, compile with
gcc -o suid-wrapper suid-wrapper.c
并使用
chmod 6755 suid-wrapper
suidperl不再是一个选项,它已在perl 5.12中被删除而无需替换(请参见perl5120delta,即
suidperl ist no longer an option, it has been removed without replacement in perl 5.12 (see perl5120delta, i.e. http://search.cpan.org/~shay/perl-5.20.2/pod/perl5120delta.pod).
这篇关于如何在Debian Wheezy中启用suidperl?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!