Best way to gain root privileges

Dan Stromberg drsalists at gmail.com
Thu Feb 17 03:00:43 CET 2011


On Wed, Feb 16, 2011 at 4:47 PM, Alexander Kapps <alex.kapps at web.de> wrote:
> On 17.02.2011 01:00, GSO wrote:
>> Having said that I'm possibly arriving at the conclusion that a quick
>> perl script might be the simplest/easiest and most secure option - I
>> read perl includes code to safely run suid perl scripts - will dig out
>> my perl tomes.
>
> Not sure, but Perl is just another "scripting language" (hate that term) and
> you cannot have scripts be SUID.
>
> I have almost no experiences with Perl, but I really doubt, that the general
> problem would be solved with it.

It depends on what OS you're on:

#1 On some OS's, setuid #! is an instant root - the script doesn't
even need to run.  In fact, the problem hinges on the script not
running.

#2 On others, setuid #! is safe.  Or rather, safe if you write your
script pretty carefully.

#3 On still others, setuid #! doesn't change your access at all; it's
just run under the uid that started the script.

The perl folk have attempted to make #2 safer with their "taint" stuff
(think "dataflow for user inputs to avoid invoking subshells with user
inputted data").  There's not a lot they could do about #1 - perl
doesn't really enter the picture there.  And for #3, you still need a
wrapper of some sort, otherwise your script doesn't change users.

So yeah, whether you use perl or anything else invoked with #!, you're
pretty much better off with sudo, or a tiny C wrapper that's so simple
it's hard to get wrong.  However, perl's taint feature would be useful
irrespective when writing privileged code; it removes some of the
skill required.



More information about the Python-list mailing list