AFAIK
Setuid is for binary programs. The #! in the scripts just tells the shell what program to use to run this script.
Now since you might have given something like #!/usr/bin/perl, what effectively gets translated is that the shell
executes this as
/usr/bin/perl <program name>
so even though the program script is setuid, it will not get executed as per the setuid principle.
If this were a compiled self-executable, then the setuid will work.
so the answers are
1. the effective uid is the uid of the user who is running the script
2. ???
This took me a while to figure out too. But, on Fedora:
Code:
sudo yum install perl-suidperl
Then the script will launch /usr/bin/suidperl not /usr/bin/perl even when the shebang is still #!/usr/bin/perl.
Try this little script.
Code:
#!/usr/bin/perl
print "$> => $<\n";
I saved as suid.pl and then
Code:
sudo chown root suid.pl
sudo chmod u+sx suid.pl
Then run it!
Code:
$ ./suid.pl
0 => 500
I'm assuming this requires perl to be suid-root, which sounds like a horrible idea. The only way you can suid a script is if the interpreter is suid (or it's otherwise run as root) and it supports such uid changes.
Kevin Barry
PS The only exception to "don't make an interpreter suid" might be a wrapper program (i.e. < 100 lines or so) that does the following:
1. Checks the ownership of the script.
2. Checks the suid flag of the script and the "nosuid"/"noexec" flags of the mount containing the script.
3. If suid execution is acceptable, set the real and effective uids to the owner of the script. Otherwise, set the effective uid to the real uid.
4. execve the actual interpreter, which isn't suid.
This, of course, means the script isn't actually suid; it just makes the wrapper change uids before executing the interpreter. The difference is that the interpreter isn't capable of changing to another uid unless it's running as root already. I'd make sure all of the above were true before installing any suid interpreter.
It seems to me that setuid is redundant; it's already root.
If you want to run it as root from another user, sudo would be safer.
As per ta0kira, try to minimise the number of setuid programs on the system.