suid root - bash script
Noam Rathaus
noamr at beyondsecurity.com
Thu Apr 23 14:15:36 IDT 2009
Hi Shachar,
Ok, I will try it out, though as I mentioned in sample I run from this
perl, another perl script that is setuid.
On Thu, Apr 23, 2009 at 2:13 PM, Shachar Shemesh <shachar at shemesh.biz> wrote:
> Noam Rathaus wrote:
>
> Hi Shachar,
>
> Thanks for the response.
>
> I am using here Debian 5.0 and I still get the problem even if I:
> 1) setuid the file to be setuid root
> 2) change the perl interpreter at the top of the script from perl to
> suidperl (they are the same symbloic link, but I tried it anyhow)
>
> So I guess something is wrong with my apache, or script, or both
>
>
> On my Debian Lenny:
> Installed perl-suid
> Installed apache2
> Put, in /usr/lib/cgi-bin, a file called "test" that read:
>
> #!/usr/bin/perl
>
> print "Content-Type: text/plain\n";
> print "\n";
>
> while(<>) {
> print $_;
> }
>
> Changed owner to root and added suid.
>
> From a broser, ran:
> http://localhost/cgi-bin/test?%2fetc%2fshadow
>
> Result: /etc/shadow was dumped to the browser window.
>
> Shachar
>
> --
> Shachar Shemesh
> Lingnu Open Source Consulting Ltd.
> http://www.lingnu.com
>
More information about the Linux-il
mailing list