LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-18-2012, 04:48 AM   #1
genese
Member
 
Registered: Feb 2006
Location: belgium
Posts: 65

Rep: Reputation: 16
[SOLVED] perl setuid - directory traversal


I am setting ??5 (o+rx) permission for every directory in a path.

Normally, any user is allowed to traverse the path.

On the command line, no problem.

From my perl script, which is started as root and drops privileges to another user, it is no longer true.

What's wrong in my script ? (tested on SuSE and CENTOS, no selinux).
Code:
#!/usr/bin/perl -W
#
# THIS SCRIPT CREATES A USER AND USES THE TERRIFYING "rm -r" COMMAND
# USE IT AT YOUR OWN RISK
# 
use strict;
use POSIX;

my $uname = 'test0918';

my $uid = `grep $uname /etc/passwd|cut -f3 -d":"`;

if (!$uid) {
        system("useradd $uname");
        $uid = `grep $uname /etc/passwd|cut -f3 -d":"`;
}

my $gid = `grep $uname /etc/passwd|cut -f4 -d":"`;

my $test_root = '/tmp/test_perms';
my $test_folders = 'level1/level2/level3';

if (-d $test_root) {
        system("/bin/rm -r $test_root");
}
system("mkdir -p $test_root/$test_folders");
system("chmod -R 705 $test_root"); 

system("id; ls -ld $test_root; ls -lR $test_root");
setgid($gid);
setuid($uid);
system("id; ls -ld $test_root; ls -lR $test_root");
Output :
Code:
uid=0(root) gid=0(root) groups=0(root)
drwx---r-x 3 root root 4096 18-09 10:59 /tmp/test_perms
/tmp/test_perms:
total 4
drwx---r-x 3 root root 4096 18-09 10:59 level1

/tmp/test_perms/level1:
total 4
drwx---r-x 3 root root 4096 18-09 10:59 level2

/tmp/test_perms/level1/level2:
total 4
drwx---r-x 2 root root 4096 18-09 10:59 level3

/tmp/test_perms/level1/level2/level3:
total 0
uid=1007(test0918) gid=100(users) groups=0(root)
drwx---r-x 3 root root 4096 18-09 10:59 /tmp/test_perms
ls: cannot open directory /tmp/test_perms: Permission denied

Last edited by genese; 09-18-2012 at 09:38 AM.
 
Old 09-18-2012, 09:37 AM   #2
genese
Member
 
Registered: Feb 2006
Location: belgium
Posts: 65

Original Poster
Rep: Reputation: 16
[SOLVED] perl setuid - directory traversal

Found the solution here : http://www.perlmonks.org/?node_id=877616
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Perl with setuid gjagadish Programming 1 09-27-2006 09:44 AM
Perl Setuid linchat Fedora 3 02-26-2005 08:19 AM
directory traversal attack porous Linux - Security 5 02-02-2005 09:48 PM
recursive directory traversal klfreese Linux - Newbie 2 08-20-2003 07:27 PM
preventing directory traversal in programs tristan_vdv Linux - Security 4 06-04-2002 04:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration