suid

suid

am 07.10.2005 15:13:43 von dan

I'm running OpenWebMail from Apache2 as a perl cgi script on Debian
Sarge. It's running on a very old 166 MHz PC, so I wanted to speed
things up using persistant Perl, so I installed speedy-cgi-perl.

In the main OpenWebMail script, I replaced the

#/usr/bin/perl

with

#!usr/bin/speedy

It didn't work, so I changed back to the original, made no other
changes.

I thought that everything would work as before, but now the script
returns an error "must setuid to root". It seems that I can no longer
run perl scripts suid.

Something has changed somewhere, but I can't figure out what. I don't
think installing speedy caused the problem because OpenWebMail was
still working after I installed speedy but before I changed the
script. It looks like running the script caused the problem, but I
can't see how.

I've since removed speedy-cgi-perl, removed and re-installed
OpenWebMail, restarted Apache innumerable times, rebooted, but the
problem remains. I just can't figure out what got changed. Hope
someone has some new ideas.

Thanks

Dan

Re: suid

am 07.10.2005 15:30:59 von Sherm Pendley

Dan writes:

> In the main OpenWebMail script, I replaced the
>
> #/usr/bin/perl
>
> with
>
> #!usr/bin/speedy
>
> It didn't work, so I changed back to the original, made no other
> changes.
>
> I thought that everything would work as before, but now the script
> returns an error "must setuid to root".

The error is pretty clear, I think. The script wants to run as root, but
it's not. That's probably a result of your editing the file. On most
systems, writing to a file clears its suid bit.

sherm--

--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org

Re: suid

am 09.10.2005 06:05:22 von dan

On Fri, 07 Oct 2005 09:30:59 -0400, Sherm Pendley
wrote:

>The error is pretty clear, I think. The script wants to run as root, but
>it's not. That's probably a result of your editing the file. On most
>systems, writing to a file clears its suid bit.

Thanks Sherm, I'm starting to get a better idea of what suid is/does.
I've had a look at another OpenWebMail installation on the company
server, and that file isn't suid. I think it gets set by something
else, maybe something called suid-perl. I've got everything working
by setting the bit in all the relevent perl scripts, but I suspect
that's a security risk.

Dan