sybperl-l Archive
From: Michael Peppler <mpeppler at peppler dot org>
Subject: Re: Executing suid scripts
Date: Oct 31 2000 9:02PM
Rakesh Dinger writes:
> Hi, I am running into a problem running a sybperl script with the user setid bit
> on.
>
> The script has to be run with the user setid bit on. The permissions are 4711:
>
> [2] ls -al killspid.pl
> -rws--x--x 1 sybase sybase 575 Oct 31 11:54 killspid.pl
>
> When I try to execute this script as another user, I get the following:
>
> pm_repo46@hrdev:[1] /home/sybase/killspid.pl
> Can't load '/usr/local/perl/5.2.0.2/solaris/lib/site_perl/sun4-solaris/auto/Sybase/DBlib/DBlib.so' for module Sybase::DBlib: ld.so.1: /usr/local/bin/perl: fatal: libsybdb.so: open failed: No such file or directory at /usr/local/perl/5.2.0.2/solaris/lib/DynaLoader.pm line 140.
>

This is Unix's ld.so closing a potential security hole. The problem
here is that you could replace libsybdb.so with another file where,
say, dblogin() does something completely different, and then use
LD_LIBRARY_PATH to get your script to load this other library, and
execute as 'sybase' (or root, or whatever).

So you need to either make sure that the DBlib.so file has the correct
path to the Sybase library files encoded (you can check this with ldd
while LD_LIBRARY_PATH is unset) *or* create softlinks in /usr/lib to
the Sybase libraries.

Michael
--
Michael Peppler - Data Migrations Inc. - mpeppler@peppler.org
http://www.mbay.net/~mpeppler - AIM MPpplr
International Sybase User Group - http://www.isug.com
Sybase on Linux mailing list: ase-linux-list@isug.com
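
An added example, not part of the original message: the "ldd while LD_LIBRARY_PATH is unset" check from the reply, written as a shell function that lists the libraries a module cannot resolve under the conditions a setuid process gets. The `LDD` override variable, the function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report libraries that a shared object cannot resolve when
# LD_LIBRARY_PATH is unset, which is what the runtime linker enforces for a
# setuid process. Run ldd only on files you trust.

# Command used to list dependencies; overridable so the parser can be
# exercised without a real ldd (assumption made for this example).
LDD=${LDD:-ldd}

# unresolved_libs: read ldd output on stdin and print the names of libraries
# reported missing. Covers both common formats:
#   Linux:   libfoo.so => not found
#   Solaris: libfoo.so =>  (file not found)
unresolved_libs() {
    awk '/not found/ { print $1 }' | sort -u
}

# check_setuid_safe FILE: return 0 if every dependency of FILE resolves
# without LD_LIBRARY_PATH, 1 (listing the missing names on stderr) otherwise.
check_setuid_safe() {
    # The subshell keeps the caller's environment untouched.
    missing=$( (unset LD_LIBRARY_PATH; "$LDD" "$1" 2>/dev/null) | unresolved_libs )
    if [ -n "$missing" ]; then
        echo "$1: not resolvable without LD_LIBRARY_PATH:" >&2
        echo "$missing" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Constructed sample of ldd output for a module like DBlib.so, mixing the
# Solaris and Linux "missing" formats.
SAMPLE_LDD='    libsybdb.so =>   (file not found)
    libc.so.1 =>     /usr/lib/libc.so.1
    libct.so => not found
    libdl.so.1 =>    /usr/lib/libdl.so.1'

# Demonstration on the constructed sample: prints libct.so and libsybdb.so.
printf '%s\n' "$SAMPLE_LDD" | unresolved_libs
```

Call `check_setuid_safe` with the path to the module's DBlib.so; any name it lists has to be reachable through a path encoded in the module or through a link in /usr/lib before the setuid script will load.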