From: Rakesh Dinger <dinger_rakesh at jpmorgan dot com>
Subject: Re: Executing suid scripts
Date: Nov 1 2002 2:22PM
I tried the second approach....creating softlinks in /usr/lib....
it works now...
> Rakesh Dinger writes:
> > Hi, I am running into a problem running a sybperl script with the user setid bit on.
> > The script has to be run with the user setid bit on. The permissions are 4711:
> >  ls -al killspid.pl
> > -rws--x--x 1 sybase sybase 575 Oct 31 11:54 killspid.pl
> > When I try to execute this script as another user, I get the following:
> > pm_repo46@hrdev: /home/sybase/killspid.pl
> > Can't load '/usr/local/perl/22.214.171.124/solaris/lib/site_perl/sun4-solaris/auto/Sybase/DBlib/DBlib.so' for module Sybase::DBlib: ld.so.1: /usr/local/bin/perl: fatal: libsybdb.so: open failed: No such file or directory at /usr/local/perl/126.96.36.199/solaris/lib/DynaLoader.pm line 140.
> This is Unix's ld.so closing a potential security hole. The problem
> here is that you could replace libsybdb.so with another file where,
> say, dblogin() does something completely different, and then use
> LD_LIBRARY_PATH to get your script to load this other library, and
> execute as 'sybase' (or root, or whatever).
> So you need to either make sure that the DBlib.so file has the correct
> path to the Sybase library files encoded (you can check this with ldd
> while LD_LIBRARY_PATH is unset) *or* create softlinks in /usr/lib to
> the Sybase libraries.
> Michael Peppler - Data Migrations Inc. - firstname.lastname@example.org
> http://www.mbay.net/~mpeppler - AIM MPpplr
> International Sybase User Group - http://www.isug.com
> Sybase on Linux mailing list: email@example.com
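
The ldd check suggested in the quoted reply, as an added example that is not part of the original thread: it runs ldd with LD_LIBRARY_PATH unset and lists every dependency the runtime linker cannot find, which is the situation a setuid script runs in. The function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find shared-library dependencies that
# fail to resolve once LD_LIBRARY_PATH is ignored, as it is for setuid programs.

# Constructed sample of ldd output for a DBlib.so that has no path to the
# Sybase libraries encoded (Solaris-style "(file not found)" line).
SAMPLE_LDD='	libsybdb.so =>	 (file not found)
	libc.so.1 =>	 /usr/lib/libc.so.1
	libdl.so.1 =>	 /usr/lib/libdl.so.1'

# Read ldd output on stdin and print the name of each unresolved library.
# Matches both "lib => not found" and "lib => (file not found)".
unresolved_libs() {
    awk '/not found/ { print $1 }' | sort -u
}

# Run ldd on one object with LD_LIBRARY_PATH removed from the environment.
# Returns 0 when every dependency resolves, 1 when at least one is missing.
check_object() {
    missing=$( (unset LD_LIBRARY_PATH; ldd "$1") 2>/dev/null | unresolved_libs )
    if [ -n "$missing" ]; then
        echo "$1: not resolvable without LD_LIBRARY_PATH:"
        echo "$missing" | sed 's/^/  /'
        return 1
    fi
    echo "$1: all dependencies resolve without LD_LIBRARY_PATH"
}

# Usage: sh check_libs.sh /path/to/DBlib.so [more objects...]
status=0
for obj in "$@"; do
    check_object "$obj" || status=1
done
```

Any library the script reports needs either a path encoded in the object or a link in a directory the linker searches by default, which are the two options given in the reply.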