From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) Description of problem: When executing an suid Perl script with owner root, the script does not run with root privileges as expected. In our case, the Perl script executes an email authentication program using the backticks command. The default owner, group and permissions for the authentication program are mail mail 770 respectively. The workaround was to change the owner and group to root http (same as the Perl script). The other bug with bash is that it is impossible to pass any double quote characters to the shell via Perl's backtick command even with a preceeding backslash. At first a problem with Perl was suspected but after changing the shell to ash (a tip from Bug Report 44001), everything works. Unfortunately if one changes the /bin/sh link to ash, many of the startup scripts fail. Neither the suid problem nor the double quote problem appear in RedHat 6.2 and its corresponding bash shell which we have been using for a year now. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Write Perl script that uses a backtick command and passes double quote characters such as "\\\" \\\"". The extra backslash is needed by the shell. 2. Execute a program that needs the double quote characters as part of its command line. 3. Actual Results: The double quote characters are not passed to the shell and the program that needs them does not execute properly. Expected Results: Any program needing double quote characters on the command line should receive them when Perl hands them off to the shell via the backtick command. Additional info: I consider this a high priority bug because the system "as-is" does not work since we upgraded to 7.1 and we have had to revert back to 6.2 operation.
setuid: Not a bug, but a security feature. It is not safe to make scripts setuid root, therefore we disallow it. If you absolutely need a setuid root script, you have to write a wrapper, e.g. int main(int argc, char **argv) { setuid(0); seteuid(0); return system("your script"); } and make that setuid root. For the backtick problem, please attach a sample script so I can see what's going on, chances are it's another intentional change though (please check the bash documentation on new features in 2.x).
Here are the lines from the Perl Script. The first set of lines are from a routine that formats the new user info line. The second set of lines make up the nwauth (the email authentication program) routine. $infogroup = "fwd=\"$fwd\" "."info=\"$info\" "."groups=\"$groups\""; $infogroup =~ s/\"/\\\"/g; ## backslashed parens needed for nwauth command line sub SetUser { my($username,$password,$infogroup) = @_; my($cmdline) = ''; my($response) = ''; $cmdline = "nwauth "."- set "."$username\@itotal.net "."$password "."$infogroup"; # untaint $cmdline =~ /^([\w\/\s\-\@\.\"\\\=\,\#]+)$/; $response = `$1`; if($response =~ /^(\+OK)/) { return($response); } return(''); }
WRT the setuid Perl/bash thing, check out bug #44001, too.
Two comments here. First WRT the setuid being disallowed, we disagree with RedHat as it is the system administrator who should make that decision. Second, the workaround for those who need it is to edit the first line in all the system scripts to #!/bin/bash as they use bash anyway. Then copy an older copy of bash (from 6.2) into the bin directory naming it bash1. Finally change the sh link in the bin directory to point to bash1 instead of bash. These steps eliminate both of the above problems. James
This feature is not specific to Red Hat Linux (it's in bash 2.x base), if you don't like it, use bash -p.