Insecure dependency in chmod while running setuid

ak4good · 06-12-2009, 03:29 AM

Hello,

Total beginner here. I need a cgi script to run as root to recursively change file permissions. I slapped something together from examples, but Apache complains:

Quote:

Insecure dependency in chmod while running setuid at /var/www/cgi-bin/set-perms.pl line 13., referer: https://example.com/cgi-bin/

This is the script:

Code:

#!/usr/bin/perl -wT

BEGIN {
  $ENV{PATH} = "";
}

use strict;
use File::Find;
$|++;

my $baseDir  = "/var/www/test/";
my $modeFile = oct(664);
my $modeDir  = oct(2775);

sub setperms {
  chmod($modeFile, $_) if(-f $_);  <------/line 13/
  chmod($modeDir, $_)  if(-d $_);
  chown(-1, 1005, $_);
}

find(\&setperms, "$baseDir");

Please help...

unSpawn · 06-12-2009, 06:50 AM

Instead of using kludges please check if your problem can be fixed with ACLs (http://acl.bestbits.at).

akelder · 06-12-2009, 11:35 PM

The problem is that when Mac users mount a file system on our Linux server locally via MacFUSE, the permissions for new files/dirs they create follow their local umask settings and ignore the directory sticky bit set on the Linux server.

Wouldn't we have the same problem if we used ACLs on the Linux box? Wouldn't files user create over MacFUSE mounts come with their local ACL attributes like they come with their local Unix permissions?

I don't like the idea of running cgi scripts as root any more than the next guy, so I finally gave up on the idea and gave these users sudo rights to run a permission fixing script.

unSpawn · 06-13-2009, 10:22 AM

Quote:

Originally Posted by akelder

Wouldn't we have the same problem if we used ACLs on the Linux box? Wouldn't files user create over MacFUSE mounts come with their local ACL attributes like they come with their local Unix permissions?

I don't know but given the ease with which you can test such stuff I'd say try and let us know.