Perl security question/RFC

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Wed Jul 19 18:31:50 UTC 2006


On Wed, Jul 19, 2006 at 12:26:24PM -0400, Madison Kelly wrote:
> Hi all,
> 
>   I decided a little while ago to start from scratch with my backup 
> program. The old code, which I learned to code by writing (so you can 
> imagine the horrors that lie in the source!). A benefit of this blank 
> slate is getting a chance to re-evaluate how things are done.
> 
>   So then, my question is, what is the most secure, *reasonable* way to 
> let a perl program execute commands as root?
> 
>   Simple enough, no? :p
> 
>   My current "best idea" is to use the trusty setuid C-wrapper to call 
> a perl script owned by root with 0500 permissions. I'd have the 
> unprivileged web-based perl script (run from a dedicated webserver) call 
> the setuid C-wrapper with a set of command line switches. Have those 
> command line switches passed on to the root-owned perl script which in 
> turn does dirty work (like un/mount devices and such).
> 
>   A few things I'll do:
> 
> - Compile the full path to the root-owned perl script at install time.
> - Have the root-owned perl script only execute certain commands under 
> certain conditions (ie: only un/mount partitions under a certain directory).
> - Set the C-wrapper to be owned by root:<dedicated_user> and have the 
> permissions 4550.
> 
>   Comments? Suggestions? Problems? Possible weaknesses?
> 
>   Thanks all!!

There is suidperl, which has a lot of restrictions on the perl code to
try and protect the system.  I think it runs with strict and taint on at
all times.

--
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
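
The setuid C wrapper proposed in the quoted message, sketched as an added example that is not part of the original thread or anyone's actual code. The helper path, perl path, mount root, and action names are assumptions chosen for illustration; the wrapper validates both arguments and passes a fixed environment before handing off to the root-owned script.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed values, fixed at compile time (not taken from the thread). */
#define PERL       "/usr/bin/perl"
#define HELPER     "/usr/local/libexec/backup-root.pl"
#define MOUNT_ROOT "/mnt/backup/"

/* Accept only the two actions the helper is meant to perform. */
static int action_ok(const char *a) {
    return a && (strcmp(a, "mount") == 0 || strcmp(a, "umount") == 0);
}

/* Accept only a non-empty path below MOUNT_ROOT built from a small
 * character set, with no ".." and no empty component. This is a string
 * check only: it does not resolve symlinks, so the root-owned script
 * should still verify the real path before acting on it. */
static int target_ok(const char *p) {
    size_t n = strlen(MOUNT_ROOT);
    if (!p || strlen(p) > 255) return 0;
    if (strncmp(p, MOUNT_ROOT, n) != 0 || p[n] == '\0') return 0;
    for (const char *c = p + n; *c; c++) {
        int safe = (*c >= 'a' && *c <= 'z') || (*c >= 'A' && *c <= 'Z') ||
                   (*c >= '0' && *c <= '9') || *c == '_' || *c == '-' ||
                   *c == '.' || *c == '/';
        if (!safe) return 0;
    }
    if (strstr(p, "..") || strstr(p, "//")) return 0;
    return 1;
}

int main(int argc, char **argv) {
    /* Fixed, minimal environment: nothing set by the caller
     * (PATH, PERL5LIB, IFS, LD_*) reaches the root-owned script. */
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    if (argc != 3 || !action_ok(argv[1]) || !target_ok(argv[2])) {
        fprintf(stderr, "usage: wrapper mount|umount %s<name>\n", MOUNT_ROOT);
        return 2;
    }
    /* -T requests taint mode explicitly for the helper script. */
    char *const args[] = { PERL, "-T", HELPER, argv[1], argv[2], NULL };
    execve(PERL, args, envp);
    perror("execve"); /* reached only if execve fails */
    return 1;
}
```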




