Bug 44001
Summary: | perl suid script in Apache | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Renato <renato> |
Component: | perl | Assignee: | Chip Turner <cturner> |
Status: | CLOSED DUPLICATE | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.1 | CC: | bugs.michael, gman |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-02-21 18:48:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Renato
2001-06-08 18:37:34 UTC
I think I found the source of the problem. This is definitely a problem with bash. I did a test and upgraded a 6.2 machine to bash-2.04-21 from Red Hat 7.1 and it stopped working. I also tried bash-2.05-5 from Raw Hide but it didn't fixed the problem. Apache of Red Hat Linux 7.1 has suEXEC enabled. You are not allowed to execute as the Superuser and/or execute setuid/setgid scripts/binaries. Consult Apache's suEXEC manual. The problem is not with apache. If you run this script in a shell prompt ( bash2 ) you get the result described above. (I was misguided by your summary mentioning Apache. Hence I thought running the script via Apache was involved. I couldn't see how you would get user name "apache".) I can reproduce it now. Try this: cd /bin rm sh ln -s ash sh Or this (test.sh) #! /bin/ash whoami and add $output3 = `test.sh`; print $output3; to your perl script. When using /bin/ash as opposed to /bin/bash, you get "root" in all cases. Perl passes your compound commands on to "sh -c": sh -c /usr/bin/whoami && /usr/bin/whoami Bash doesn't like to execute that setuid. So, this should be assigned to component "bash", not "perl". I am having the same problem. Where apache is determined not to used as whatever user is of the the suid'ed script. I have tried disabling suexec perl apache's suexec manual by removing /usr/sbin/suexec on redhat 7.1. I even used /usr/bin/suidperl instead of just /usr/bin/perl.. still the same.. this work in 6.2.. sigh.. Indeed, this is rather a bash problem as described in bug 56537. A workaround to obtain the correct result in $output2 would be to replace $output2 = `/usr/bin/whoami && /usr/bin/whoami`; with die "Can't fork: $!" unless defined ($pid = open(KID, "-|")); if ($pid) { $output2 = join("", <KID>); close KID; } else { exec "/bin/sh", "-p", "-c", "/usr/bin/whoami && /usr/bin/whoami" or die "can't exec program: $!"; } *** This bug has been marked as a duplicate of 56537 *** Changed to 'CLOSED' state since 'RESOLVED' has been deprecated. |