Re: Perl and SETUID script

Chuan Wang (whizkid2@worldnet.att.net)
Thu, 23 Jan 1997 16:56:56 -0800


Martin,

Thanks for the info, I finally got it working by reading the FM and
setting the ENV{'PATH'} correctly, but the C wrapper didn't work as the
book claimed.

I have another question:

In my PERL script, it's calling a binary program, say a.out, and in
"a.out" it calls another script "foo.sh".  "foo.sh" can be found under
$dir, and $dir is in the ENV{'PATH'} defined in the PERL script. But
apparently this information is not passed to the "a.out" program so it
cannot find "foo.sh". I don't want to hardcode the path information into
the C code of the binary program.  So my question now is, how do I pass
the $path information to a binary program from PERL?  Right now I am
using "system... ".

Thanks for any help,
-chuan :-)


Martin Pool wrote:
> 
> RTFM, "whizkid"!
> 
> From perlsec(1)
> 
>        For "Insecure $ENV{PATH}" messages, you need to set
>        $ENV{'PATH'} to a known value, and each directory in the
>        path must be non-writable by the world.  A frequently
>        voiced gripe is that you can get this message even if the
>        pathname to an executable is fully qualified.  But Perl
>        can't know that the executable in question isn't going to
>        execute some other program depending on the PATH.
>
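
The perlsec rule quoted above, as an added example that is not part of the original thread: a taint-mode script that builds $ENV{PATH} from literal directories, rejects world-writable entries, and runs a child with list-form system(), which hands the current %ENV (PATH included) to the child. The directory /usr/local/lib/myapp and the /bin/sh child standing in for "a.out" are assumptions.

```perl
#!/usr/bin/perl -T
# Run as: perl -T thisfile.pl
use strict;
use warnings;

# Hypothetical directory holding helper scripts such as foo.sh.
my $dir = '/usr/local/lib/myapp';

# Candidate PATH entries: literals only, never taken from user input.
my @candidates = ('/bin', '/usr/bin', $dir);

my @safe;
for my $d (@candidates) {
    my @st = stat($d);
    next unless @st && -d _;            # drop entries that do not exist
    # perlsec: every directory in PATH must be non-writable by the world.
    die "refusing world-writable PATH entry: $d\n" if $st[2] & 0002;
    push @safe, $d;
}

# Set PATH to the known value and remove variables that change how a
# shell locates or starts programs (the list perlsec recommends deleting).
$ENV{PATH} = join ':', @safe;
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# List-form system(): the child is exec'd with a copy of %ENV as it
# stands now, so it sees the PATH set above. /bin/sh here is a stand-in
# for the compiled program and just reports what it inherited.
my @cmd = ('/bin/sh', '-c', 'echo "child sees PATH=$PATH"');
system(@cmd) == 0
    or die "child exited with status " . ($? >> 8) . "\n";
```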