Perl security question/RFC
Madison Kelly
linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Fri Oct 6 12:47:47 UTC 2006
Kevin Cozens wrote:
> Madison Kelly wrote:
>> So then, my question is, what is the most secure, *reasonable* way
>> to let a perl program execute commands as root?
> [snip]
>> Comments? Suggestions? Problems? Possible weaknesses?
>
> AFAICR, the majordomo mailing list program was Perl based and required
> some root priveleges to run. It had a C wrapper that was used to invoke
> the Perl program.
>
> I would suggest you get a copy of majordomo and see what it did to let
> you run the Perl program with higher priveleges.
>
Since I posted this I have settled on using a C-wrapper, as well. What I
do is, during the install, edit the C source to specify the perl file to
execute by full path and pass any arguments it receives on to the
called-perl script.
Maybe I can ask now, with the thread back to life, how could I have C
check the ownership/permissions of the script to make sure it is not
world-writable (to avoid tampering with the perl script) and have it die
if so?
BTW, I got the C-code from 'perlsec'. :)
Madi
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list