PEPPLER.ORG
Michael Peppler
Sybase Consulting
Menu
Home
Sybase on Linux
Install Guide for Sybase on Linux
General Sybase Resources
General Perl Resources
Freeware
Sybperl
Sybase::Simple
DBD::Sybase
BCP Tool
Bug Tracker
Mailing List Archive
Downloads Directory
FAQs
Sybase on Linux FAQ
Sybperl FAQ
Personal
Michael Peppler's resume

sybperl-l Archive

Up    Prev    Next    

From: Michael Peppler <mpeppler at peppler dot org>
Subject: Re: Executing suid scripts
Date: Oct 31 2000 9:02PM

Rakesh Dinger writes:
 > Hi, am running into a problem running a sybperl script with the user setid bit 
 > on.
 > 
 > The script has to be run with the user setid bit on. The permissions are 4711:
 > 
 > [2] ls -al killspid.pl
 > -rws--x--x   1 sybase   sybase       575 Oct 31 11:54 killspid.pl
 > 
 > When I try to execute this script as another user, I get the following:
 > 
 > pm_repo46@hrdev:[1] /home/sybase/killspid.pl
 > Can't load '/usr/local/perl/5.2.0.2/solaris/lib/site_perl/sun4-solaris/auto/Sybase/DBlib/DBlib.so' for module Sybase::DBlib: ld.so.1: /usr/local/bin/perl: fatal: libsybdb.so: open failed: No such file or directory at /usr/local/perl/5.2.0.2/solaris/lib/DynaLoader.pm line 140.
 >  

This is Unix's ld.so closing a potential security hole. The problem
here is that you could replace libsybdb.so with another file where,
say, dblogin() does somethign completely different, and then use
LD_LIBRARY_PATH to get your script to load this other library, and
execute as 'sybase' (or root, or whatever).

So you need to either make sure that the DBlib.so file has the correct
path to the Sybase library files encoded (you can check this with ldd
while LD_LIBRARY_PATH is unset) *or* create softlinks in /usr/lib to
the Sybase libraries.

Michael
-- 
Michael Peppler - Data Migrations Inc. - mpeppler@peppler.org
http://www.mbay.net/~mpeppler - AIM MPpplr
International Sybase User Group - http://www.isug.com
Sybase on Linux mailing list: ase-linux-list@isug.com