LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   suidperl in slack 14? (http://www.linuxquestions.org/questions/slackware-14/suidperl-in-slack-14-a-4175450139/)

WiseDraco 02-14-2013 09:57 AM

suidperl in slack 14?
 
Hello!
Going to install openwebmail, and it requires suidperl to work.
search for "suidperl" in slackware64 14.0 system disk gives nothing. search over google for suidperl slackware 14 - the same. what i can do?

phenixia2003 02-14-2013 10:41 AM

Hello,

I found this thread that talk about openwebmail and Slackware 9.1. The OP had the same kind of trouble than you, and it seems that you have two options :

1) Rebuild perl with suidperl

However, suidperl is deprecated as explained in perl.SlackBuild :

Quote:

# We no longer include suidperl. To quote the INSTALL file:
#
# Because of the buggy history of suidperl, and the difficulty
# of properly security auditing as large and complex piece of
# software as Perl, we cannot recommend using suidperl and the feature
# should be considered deprecated.
# Instead use for example 'sudo': http://www.courtesan.com/sudo/
2) use misc/tools/suidwrap.pl to generate C wrappers for all suid script as explained into the openwebmail faq :

Quote:


[...]

Q: I got "Internal server error" when running Open WebMail?
I got "can not do setuid" error?
I got "Software error: Can't locate etc/openwebmail.conf in @INC" error?
A: There are many possible answers...

[...]

ps: If you don't want to recompile perl, you choose to may use
misc/tools/suidwrap.pl to generate C wrappers for all suid scripts.

However, this is not recommended at all, as you will not be able
to use SpeedyCGI with the openwebmail system.

Here are the steps:
1. cd cgi-bin/openwebmail
2. perl misc/tool/wrapsuid/wrapsuid.pl /fullpath/cgi-bin/openwebmail
3. change #!/usr/bin/suidperl to the path of your perl

All suid scripts will be renamed to .scriptname.pl and
the C wrapper will be generated and named as script.pl
(thanks to Chris Heegard, heegard.AT.NativeI.com)

The spellcheck may not work on Solaris when using C wrappers.
(thanks to Isam Ishaq, isam.AT.planet.edu)

[...]
Hope this will help you a bit.

Cheers.
--
SeB

WiseDraco 02-15-2013 03:11 AM

very, very strange. try to do today make a c wrappers.
cd to /war/www/cgi-bin/openwebmail and do
perl misc/tools/wrapsuid/wrapsuid.pl /var/www/cgi-bin/openwebmail

script output to screen some text, i going to look in /var/www/cgi-bin/openwebmail, and see, there is some scripts with leadeing dot, and new ones. try again to open my webmail server via web browser -that again says,
/srv/httpd/cgi-bin/openwebmail/openwebmail.pl must be setuid to root to read the mail spools
i think maybe whatever not going right, try again run
perl misc/tools/wrapsuid/wrapsuid.pl /var/www/cgi-bin/openwebmail
but there is nothing of output, and none changes in
/var/www/cgi-bin/openwebmail
i delete /var/www/cgi-bin/openwebmail folder and also /var/www/openwebail ( data), and copy both new from openwebmail.current.tar.gz ( distribution), restart computer, make configs changes in /var/www/cgi-bin/openwebmail/etc,
make a ./openwebmail-tool.pl --init - all worked, get output.
after that, try do
perl misc/tools/wrapsuid/wrapsuid.pl /var/www/cgi-bin/openwebmail
-and again nothing! not any output of command, and nothing changes in /var/www/cgi-bin/openwebmail

not ideas, why wrapsuid.pl not work again, and what to do with that :-O

phenixia2003 02-15-2013 03:58 AM

Hello,

Quote:

Originally Posted by WiseDraco (Post 4892075)
very, very strange. try to do today make a c wrappers.
cd to /war/www/cgi-bin/openwebmail and do
perl misc/tools/wrapsuid/wrapsuid.pl /var/www/cgi-bin/openwebmail

script output to screen some text, i going to look in /var/www/cgi-bin/openwebmail, and see, there is some scripts with leadeing dot, and new ones. try again to open my webmail server via web browser -that again says,
/srv/httpd/cgi-bin/openwebmail/openwebmail.pl must be setuid to root to read the mail spools
i think maybe whatever not going right, try again run
perl misc/tools/wrapsuid/wrapsuid.pl /var/www/cgi-bin/openwebmail
but there is nothing of output, and none changes in
/var/www/cgi-bin/openwebmail
i delete /var/www/cgi-bin/openwebmail folder and also /var/www/openwebail ( data), and copy both new from openwebmail.current.tar.gz ( distribution), restart computer, make configs changes in /var/www/cgi-bin/openwebmail/etc,
make a ./openwebmail-tool.pl --init - all worked, get output.
after that, try do
perl misc/tools/wrapsuid/wrapsuid.pl /var/www/cgi-bin/openwebmail
-and again nothing! not any output of command, and nothing changes in /var/www/cgi-bin/openwebmail

not ideas, why wrapsuid.pl not work again, and what to do with that :-O

Well, I looked at this and I encountered the same trouble. I checked the perl script (ie misc/tools/wrapsuid/wrapsuid.pl) and found that this have something to do with wrong permissions. Indeed, inside the perl script you will find the code below :

Code:

open(FIND,  "find $fslist $xdev -type f \\( -perm -04000 -o -perm -02000 \\) -print|")
So I checked the faq and found this :

Quote:

Please check if you have installed a complete set of perl 5.005 or above.
and You have uncompressed the openwebmail-1.xx.tar.gz with proper parameter.
It should be "tar -zxvBpf openwebmail-1.xx.tar.gz"
With this, the perl script seems to work :

Quote:

$ cd /tmp
$ mkdir openwebmail
$ cd openwebmail
$ tar -zxvBpf /home/seb/Downloads/openwebmail-current.tar.gz

find . -type f \( -perm -04000 -o -perm -02000 \)
./cgi-bin/openwebmail/openwebmail-folder.pl
./cgi-bin/openwebmail/openwebmail-main.pl
./cgi-bin/openwebmail/openwebmail-read.pl
./cgi-bin/openwebmail/openwebmail-send.pl
./cgi-bin/openwebmail/openwebmail-cal.pl
./cgi-bin/openwebmail/openwebmail-webdisk.pl
./cgi-bin/openwebmail/openwebmail.pl
./cgi-bin/openwebmail/openwebmail-advsearch.pl
./cgi-bin/openwebmail/openwebmail-abook.pl
./cgi-bin/openwebmail/openwebmail-viewatt.pl
./cgi-bin/openwebmail/openwebmail-vdomain.pl
./cgi-bin/openwebmail/openwebmail-saprefs.pl
./cgi-bin/openwebmail/openwebmail-prefs.pl
./cgi-bin/openwebmail/openwebmail-tool.pl
./cgi-bin/openwebmail/openwebmail-spell.pl

$ cd cgi-bin/openwebmail/

$ perl misc/tools/wrapsuid/wrapsuid.pl /tmp/openwebmail/cgi-bin/openwebmail/

Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-folder.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-main.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-read.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-send.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-cal.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-webdisk.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-advsearch.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-abook.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-viewatt.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-vdomain.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-saprefs.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-prefs.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-tool.pl
Fixing /tmp/openwebmail/cgi-bin/openwebmail/openwebmail-spell.pl
Hope all will work for you now.

Cheers.

--
SeB

WiseDraco 02-15-2013 06:17 AM

Thank you for your help!
yes, via that wrapsuid.pl works, "fixing" and i have new sets with .pl files in cgi-bin/openwebmail
configure configfiles, run openwebmail-tool.pl --init - all looks ok.
try to go via webbrowsers to my openwebmail - got again

OpenWebMail ERROR

/srv/www/cgi-bin/openwebmail/.openwebmail.pl must be setuid to root to read the mail spools


OpenWebMail version 2.53 Help?


:-O

PS i do not touch .openwebmail*.pl files - theres already have first lines of #!/usr/bin/perl -T

i think, after wrapsuid there must be all be ok with permissions, and openwebmail runs as root, but looks not to be...
also in faq is be a text about "script.pl":

All suid scripts will be renamed to .scriptname.pl and
the C wrapper will be generated and named as script.pl
(thanks to Chris Heegard, heegard.AT.NativeI.com)

i also do not found script.pl in cgi-bin/openwebmail...

WiseDraco 02-15-2013 06:43 AM

Sorry!
looks like must be manually set user ID on execution for openwebmail.pl
i do it, and now openwebmail login looks ok until that. today create a some users and check if log in and so on works...
thank you![COLOR="Silver"]


All times are GMT -5. The time now is 03:24 AM.