Re: Perl and SETUID script
Martin Pool (m.pool@pharos.com.au)
Thu, 23 Jan 1997 18:48:20 +1100
RTFM, "whizkid"!
From perlsec(1):
For "Insecure $ENV{PATH}" messages, you need to set
$ENV{'PATH'} to a known value, and each directory in the
path must be non-writable by the world. A frequently
voiced gripe is that you can get this message even if the
pathname to an executable is fully qualified. But Perl
can't know that the executable in question isn't going to
execute some other program depending on the PATH.
----------
> From: Chuan Wang <whizkid2@worldnet.att.net>
> To: perl5-porters@nicoh.com; libwww-perl@ics.UCI.EDU
> Subject: Perl and SETUID script
> Date: Thursday, 23 January 1997 4:49 pm
>
> I wonder if any guru there can help me with this problem:
>
> I am getting messages like "Insecure $ENV{PATH}... " with a SETUID
> script written in Perl. According to the reference book on PERL,
> I should use a C wrapper around the SETUID script, (the C program
> simply did a "execv($progname, argv)" ). But I am still getting
> the same error message complaining "Insecure..."
>
> I wonder if anyone also had any bad experience with this before and
> how they solved the problem. I am sure that I have followed everything
> on that Perl book (the one with a camel cover), but it's not working....
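
The perlsec advice quoted in the reply, as an added example that is not part of the original thread: the script itself sets PATH to a known value after checking that each directory is absolute and not world-writable. The directory list, the helper name `unsafe_path_dirs` and the `/usr/bin/id` command are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Added example: clearing the "Insecure $ENV{PATH}" error from inside
# the setuid script, following the perlsec text quoted above.
use strict;
use warnings;

# Assumption: these directories hold every program the script runs.
my @safe_dirs = ('/bin', '/usr/bin');

# Hypothetical helper: return the entries that must not go into PATH,
# i.e. relative paths and directories writable by the world.
sub unsafe_path_dirs {
    my @bad;
    for my $dir (@_) {
        if ($dir !~ m{^/}) {            # relative entry
            push @bad, $dir;
            next;
        }
        my @st = stat($dir);
        # $st[2] is the mode; 0002 is the world-write bit.
        push @bad, $dir if @st && ($st[2] & 0002);
    }
    return @bad;
}

my @bad = unsafe_path_dirs(@safe_dirs);
die "refusing to run, unsafe PATH entries: @bad\n" if @bad;

# The inherited PATH is tainted no matter what the caller (or a C
# wrapper) put there; only a value assigned here is trusted.
$ENV{PATH} = join ':', @safe_dirs;

# perlsec also recommends removing these shell-affecting variables.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# List-form system() runs the program directly, without a shell.
# Without the PATH assignment above, this call dies under -T with
# "Insecure $ENV{PATH}" even though the pathname is fully qualified.
system('/usr/bin/id') == 0
    or die "id failed: $?\n";
```

A C wrapper that only calls `execv` passes the caller's environment through unchanged, so the assignment has to happen in the Perl script.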