Best way to gain root privileges
drsalists at gmail.com
Thu Feb 17 03:00:43 CET 2011
On Wed, Feb 16, 2011 at 4:47 PM, Alexander Kapps <alex.kapps at web.de> wrote:
> On 17.02.2011 01:00, GSO wrote:
>> Having said that I'm possibly arriving at the conclusion that a quick
>> perl script might be the simplest/easiest and most secure option - I
>> read perl includes code to safely run suid perl scripts - will dig out
>> my perl tomes.
> Not sure, but Perl is just another "scripting language" (hate that term) and
> you cannot have scripts be SUID.
> I have almost no experiences with Perl, but I really doubt, that the general
> problem would be solved with it.
It depends on what OS you're on:
#1 On some OS's, setuid #! is an instant root - the script doesn't
even need to run. In fact, the problem hinges on the script not
#2 On others, setuid #! is safe. Or rather, safe if you write your
script pretty carefully.
#3 On still others, setuid #! doesn't change your access at all; it's
just run under the uid that started the script.
The perl folk have attempted to make #2 safer with their "taint" stuff
(think "dataflow for user inputs to avoid invoking subshells with user
inputted data"). There's not a lot they could do about #1 - perl
doesn't really enter the picture there. And for #3, you still need a
wrapper of some sort, otherwise your script doesn't change users.
So yeah, whether you use perl or anything else invoked with #!, you're
pretty much better off with sudo, or a tiny C wrapper that's so simple
it's hard to get wrong. However, perl's taint feature would be useful
irrespective when writing privileged code; it removes some of the
More information about the Python-list