Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 21 Aug 2000 21:41:25 -0700
From:      Greg Work <gregh@cccd.edu>
To:        freebsd-newbies@FreeBSD.ORG
Subject:   Problem with Set-user-ID-on-execution bit
Message-ID:  <39A20475.56851974@cccd.edu>
next in thread | raw e-mail | index | archive | help 
I'm having problem executing perl scripts that have the
set-user-ID-on-execution bit set through Apache and at the command
line.  For example:

When I try and execute a perl script at the command line as root with
the set-user-ID-on-execution bit set,

-rwsr-xr-x   1 root  wheel    718     Aug 21 20:02     checklogin.pl

the script works given three valid inputs, the location of the password
file, a valid username, and a valid password.  When I su to http and
execute the script wth the same three inputs it fails to open the passwd
file and exits at the 11th line,

--cut--
        open (PASSWD, $passwdfile) or exit 1;
--cut--

Why is an executable file that is set to run as the owner, root, unable
to open the master.passwd file?  This works on other machines with
FreeBSD and Linux(using shadow instead of master.passwd) and doesn't
work on this machine.  FreeBSD 2.2.8 w/ Apache 1.3.12 w/ Perl 5.6.0.  Am
I using the set-user-ID-on-execution bit correctly?

Here is the script described above.
--------------------
#!/usr/bin/perl -T

my ($username, $password, $usr, $pswd, $passwdfile);
my $passcorrect = 0; # default to correct, set incorrect when determined

my $line;
chomp($passwdfile = <STDIN>);
chomp($username = <STDIN>);
chomp($password = <STDIN>);

if ( $passwdfile && $username && $password ) {
   open (PASSWD, $passwdfile) or exit 1;
   print ("passwd openned", "\n");                  # added for testing
   while (defined($line = <PASSWD>)) {
      ($usr,$pswd) = (split(/:/, $line))[0,1];
      last if ($usr eq $username); # We've found the user in /etc/passwd

   }
   close (PASSWD);
   if (($usr ne $username) or (crypt($password, $pswd) ne $pswd)) {
      $passcorrect = 1; # User/Pass combo is WRONG!
   }
} else {
   $passcorrect = 1;
}
print ($passcorrect, "\n");                             # added for
testing
exit $passcorrect;
--------------------



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39A20475.56851974>