From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

Description of problem:
Depending on how the suid is created it doesn't run as root.

How reproducible:
Always

Steps to Reproduce:
1. Script:

    #!/usr/bin/perl -U
    print "Content-type: text/html;\n\n";
    $output = `/usr/bin/whoami`;
    $output2 = `/usr/bin/whoami && /usr/bin/whoami`;
    print $output . "<BR>";
    print $output2 . "<BR>";

2. chmod 4711 test.pl
3. put it under web tree.
4. output in Red Hat 6.2:
   root root root
   output in Red Hat 7.1
   root apache apache

Running all standard packages. clean installation of Red Hat 7.1

Actual Results:
output in Red Hat 7.1
root apache apache

Expected Results:
output in Red Hat 7.1
root root root

Additional info:
I think I found the source of the problem. This is definitely a problem with bash. I did a test and upgraded a 6.2 machine to bash-2.04-21 from Red Hat 7.1 and it stopped working. I also tried bash-2.05-5 from Raw Hide but it didn't fix the problem.
Apache of Red Hat Linux 7.1 has suEXEC enabled. You are not allowed to execute as the Superuser and/or execute setuid/setgid scripts/binaries. Consult Apache's suEXEC manual.
The problem is not with apache. If you run this script in a shell prompt ( bash2 ) you get the result described above.
(I was misguided by your summary mentioning Apache. Hence I thought running the script via Apache was involved. I couldn't see how you would get user name "apache".)

I can reproduce it now. Try this:

    cd /bin
    rm sh
    ln -s ash sh

Or this (test.sh)

    #! /bin/ash
    whoami

and add

    $output3 = `test.sh`;
    print $output3;

to your perl script. When using /bin/ash as opposed to /bin/bash, you get "root" in all cases. Perl passes your compound commands on to "sh -c":

    sh -c /usr/bin/whoami && /usr/bin/whoami

Bash doesn't like to execute that setuid. So, this should be assigned to component "bash", not "perl".
I am having the same problem. Where apache is determined not to be used as whatever user is of the suid'ed script. I have tried disabling suexec per apache's suexec manual by removing /usr/sbin/suexec on redhat 7.1. I even used /usr/bin/suidperl instead of just /usr/bin/perl.. still the same.. this works in 6.2.. sigh..
Indeed, this is rather a bash problem as described in bug 56537. A workaround to obtain the correct result in $output2 would be to replace

    $output2 = `/usr/bin/whoami && /usr/bin/whoami`;

with

    die "Can't fork: $!" unless defined ($pid = open(KID, "-|"));
    if ($pid) {
        $output2 = join("", <KID>);
        close KID;
    } else {
        exec "/bin/sh", "-p", "-c", "/usr/bin/whoami && /usr/bin/whoami"
            or die "can't exec program: $!";
    }
*** This bug has been marked as a duplicate of 56537 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.
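
Added example, not part of the bug thread or of Perl or bash themselves: a small audit that lists the backtick commands in a Perl script and marks the ones Perl hands to "sh -c", which are the ones affected when /bin/sh is a bash that resets the effective uid unless started with -p. The names uses_shell, audit, sh_flavor and META are hypothetical, and the metacharacter set is an approximation of Perl's check, not taken from this page.

```shell
#!/bin/sh
# Added example, not from the bug thread. Lists the backtick commands in a
# Perl script and reports which ones Perl would hand to "sh -c".

# Constructed sample input: the reporter's test.pl from the first comment.
sample_script() {
cat <<'EOF'
#!/usr/bin/perl -U
print "Content-type: text/html;\n\n";
$output = `/usr/bin/whoami`;
$output2 = `/usr/bin/whoami && /usr/bin/whoami`;
print $output . "<BR>";
print $output2 . "<BR>";
EOF
}

# Assumption: approximates Perl's shell-metacharacter test for a command
# given as one string. Any of these characters sends the string to "sh -c";
# otherwise Perl splits it into words and execs the program directly.
META='[]$&*(){}";\|?<>~`['"'"']'
uses_shell() {
    printf '%s\n' "$1" | grep -q "$META"
}

# Reads Perl source on stdin; prints "sh-c<TAB>cmd" or "direct<TAB>cmd".
audit() {
    grep -o '`[^`]*`' | sed 's/^`//; s/`$//' | while IFS= read -r cmd; do
        if uses_shell "$cmd"; then
            printf 'sh-c\t%s\n' "$cmd"
        else
            printf 'direct\t%s\n' "$cmd"
        fi
    done
}

# The thread shows ash and bash behaving differently, so report /bin/sh.
sh_flavor() {
    if /bin/sh --version 2>/dev/null | grep -qi bash; then
        echo bash
    else
        echo other
    fi
}

sample_script | audit
echo "/bin/sh is: $(sh_flavor)"
```

Lines marked sh-c are the candidates for the explicit `exec "/bin/sh", "-p", "-c", ...` form given in the workaround comment.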