[Linux-disciples] Setting user and group rights automatically in vim

Adam Kessel linux-disciples@bostoncoop.net
Wed, 29 Oct 2003 12:53:58 -0800

I think it's a security setting that prevents eval from running on a
variable when perl is being run setuid.

To make it clear, try changing the owner of the attached script (1) to
someone other than you, then make it setuid.  This script will allow
someone to run arbitrary code.

The primary way to "untaint" a variable is to do a regexp match and
reference the matched subpattern rather than the original variable.

So if you do the same thing to attached script (2)--change the owner and
make it setuid, you'll see it works fine.

So your best bet, below, would be to change

while (<RC>) {
  eval("$_");
}

to

while (<RC>) {
  /(.*)/;
  eval($1);
}

See also the perlsec manpage or http://shorl.com/fobegobrakefa, "Laundering
and Detecting Tainted Data".

It's important to understand how setuid can be both a great tool for
increasing security and a vulnerability.

On Wed, Oct 29, 2003 at 02:04:04PM -0500, Stephen R Laniel wrote:
> On Wed, Oct 29, 2003 at 10:57:38AM -0800, Adam Kessel wrote:
> > Perhaps you don't have perl-suid installed. Because of some limitation in
> > the linux kernel, perl can't be suid itself, but needs some sort of
> > wrapper to work.
>
> That's good to know. Now I get
> /*
> [Wed Oct 29 13:59:31 2003] [error] [client 192.168.1.1] Premature end of script headers: /home/slaniel/public_html/cgi-bin/blosxom
> Insecure dependency in eval while running setuid at /home/slaniel/public_html/cgi-bin/blosxom line 73, <RC> line 1.
> */
>
> That particular section of blosxom is Debian specific: it loads
> /etc/blosxom/blosxom.conf, then loads /etc/blosxom.conf. The code block
> reads as follows:
>
> /*
> ## On Debian GNU/Linux systems, read configuration files (if found)
> ## Dirk Eddelbuettel <edd@debian.org>
> for $rcfile ("/etc/blosxom/blosxom.conf", "/etc/blosxom.conf") {
>   if (-r $rcfile) {
>     open (RC, "< $rcfile") or die "Cannot open $rcfile: $!";
>     while (<RC>) {
>       eval("$_");
>     }
>     close (RC);
>   }
> }
> */
>
> I presume there's some mismatch on the permissions for
> /etc/blosxom/blosxom.conf. Here's what we have:
>
> /*
> -rw-r--r--    1 root     root         2490 Oct 27 11:19 /etc/blosxom/blosxom.conf
> */
>
> Does anything seem wrong to you there?
>
> Or maybe I need to set permissions differently on some other files?
>
> Thanks a lot for your help.
>
> Steve
>
> --
> ``By the way, I never got this -- what's with this paper beats rock
>   thing, anyway? I understand the scissors cutting the paper. I
>   understand the rock blunting the scissors. But so the paper wraps
>   around the rock; big whoop-de-doo. Like the rock is going to care.''
>  -Eugene Volokh, http://shorl.com/hebiprorivese
>
> _______________________________________________
> Linux-disciples mailing list
> Linux-disciples@bostoncoop.net
> http://shorl.com/gakygrybyfaje

--
Adam Kessel
http://bostoncoop.net/adam
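The Debian rc-loading block quoted above and the untainting advice, as an added Perl example that is not code from the thread or from blosxom: rather than laundering every line through /(.*)/ (which satisfies taint mode but validates nothing, as perlsec itself warns), it accepts only quoted string assignments to an allowlisted set of variable names and refuses anything else. The allowlisted names and the load_rc function are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread or from blosxom): read a blosxom-style
# rc file under taint mode without eval'ing arbitrary lines.  Only lines of
# the form  $name = "value";  (or single quotes) naming an allowlisted
# variable are accepted; the regex captures are what untaint the value.
use strict;
use warnings;

# Settings the rc file may define (assumed list for this example).
my %allowed = map { $_ => 1 } qw(blog_title blog_description datadir url);

sub load_rc {
    my ($rcfile, $config) = @_;
    open(my $rc, '<', $rcfile) or die "Cannot open $rcfile: $!";
    while (my $line = <$rc>) {
        chomp $line;
        next if $line =~ /^\s*(#.*)?$/;    # skip blank lines and comments
        # No interpolation, no escapes, no code: a plain quoted literal.
        if ($line =~ /^\s*\$(\w+)\s*=\s*(["'])([^"'\\]*)\2\s*;\s*$/) {
            my ($name, $value) = ($1, $3);   # captures are untainted
            die "$rcfile: unknown setting '$name'\n" unless $allowed{$name};
            $config->{$name} = $value;
        }
        else {
            die "$rcfile: refusing to eval line: $line\n";
        }
    }
    close($rc);
    return $config;
}

my %config;
for my $rcfile ("/etc/blosxom/blosxom.conf", "/etc/blosxom.conf") {
    load_rc($rcfile, \%config) if -r $rcfile;
}
print "$_ = $config{$_}\n" for sort keys %config;
```

A line such as `$datadir = "/var/lib/blosxom";` is accepted, while anything carrying code (a subroutine call, backticks, a second statement) fails the match and aborts the load instead of being executed with the setuid owner's privileges.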
