program map that calls suid program: illegal seek

on 23.11.2007 12:54:40 by frank

Hi,
I wrote a rule that calls a program map (perlscript) which calls a
program with suid bit

sendmail -> perl program map -> suid shell program (chmod 2755)

but this fails with "illegal seek" in the $! variable of the calling
perl script. sendmail runs as unprivileged user as described in
sendmail/SECURITY.
If the perl script is called from command line the suid shell program
call works but if the perl script is invoked from sendmail it gives
the "illegal seek".

Any suggestions for me?

Frank

Re: program map that calls suid program: illegal seek [socketmap]

on 23.11.2007 16:48:51 by Andrzej Filip

Frank writes:
> I wrote a rule that calls a program map (perlscript) which calls a
> program with suid bit
>
> sendmail -> perl program map -> suid shell program (chmod 2755)
>
> but this fails with "illegal seek" in the $! variable of the calling
> perl script. sendmail runs as unprivileged user as described in
> sendmail/SECURITY.
> If the perl script is called from command line the suid shell program
> call works but if the perl script is invoked from sendmail it gives
> the "illegal seek".
>
> Any suggestions for me?

Have you considered using a socket map?
It should eliminate the need for using suid programs.

A sample perl script implementing a socket map daemon is provided in
the contrib/ directory.

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/

Re: program map that calls suid program: illegal seek

on 24.11.2007 02:17:56 by per

In article

Frank writes:
>I wrote a rule that calls a program map (perlscript) which calls a
>program with suid bit
>
>sendmail -> perl program map -> suid shell program (chmod 2755)
>
>but this fails with "illegal seek" in the $! variable of the calling
>perl script. sendmail runs as unprivileged user as described in
>sendmail/SECURITY.
>If the perl script is called from command line the suid shell program
>call works but if the perl script is invoked from sendmail it gives
>the "illegal seek".
>
>Any suggestions for me?

'man errno'. In case the man page is defective on your OS, here's the
relevant quote from a proper one:

29 ESPIPE Illegal seek. An lseek(2) system call was issued on a socket,
pipe or FIFO.

I.e. it has nothing to do with permissions or privileges. Now you just
need to figure out what you're doing wrong in your scripts (most likely
the perl one).

--Per Hedeland
per@hedeland.org
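
Added illustration, not part of the original thread: a small C program showing the errno quoted above. lseek(2) on a pipe yields ESPIPE while the same call on a regular file succeeds, and errno keeps that stale value across later successful calls, so a helper's result has to be read from its wait status. The `true` command is an assumed stand-in for the helper program.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* errno left by lseek() on the read end of a pipe (0 if the call succeeded). */
int seek_errno_on_pipe(void) {
    int fds[2], err = 0;
    if (pipe(fds) != 0) return -1;
    if (lseek(fds[0], 0, SEEK_CUR) == (off_t)-1) err = errno;
    close(fds[0]);
    close(fds[1]);
    return err;
}

/* The same call on a regular (temporary) file. */
int seek_errno_on_file(void) {
    FILE *f = tmpfile();
    int err = 0;
    if (f == NULL) return -1;
    if (lseek(fileno(f), 0, SEEK_CUR) == (off_t)-1) err = errno;
    fclose(f);
    return err;
}

/* Runs the stand-in helper with ESPIPE already sitting in errno.
 * Returns the helper's exit status; *errno_after gets errno as seen afterwards. */
int run_helper_with_stale_errno(int *errno_after) {
    int status;
    pid_t pid;
    errno = ESPIPE;                 /* as left behind by an earlier failed seek */
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execlp("true", "true", (char *)NULL); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    *errno_after = errno;           /* successful calls did not reset it */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    int stale = 0, rc;
    printf("lseek on pipe: %s\n", strerror(seek_errno_on_pipe()));
    printf("lseek on file: errno %d\n", seek_errno_on_file());
    rc = run_helper_with_stale_errno(&stale);
    printf("helper exit status %d, errno still says: %s\n", rc, strerror(stale));
    return 0;
}
```
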

Re: program map that calls suid program: illegal seek

on 26.11.2007 09:52:29 by frank

Hi Per and Andrzej,
many thanks for your answers! I played around with sendmail and perl
and suidperl is my friend. Now the perl program map calls another perl
program (chmod 2755) with suidperl interpreter and this calls the
other suid program. This works perfectly. But I will also have a look
at socket maps to get rid of the suidperl program.

Frank