C set-user-ID program wrapper for Perl script and security
- From: Peter Michaux <petermichaux@xxxxxxxxx>
- Date: Sat, 30 Aug 2008 11:43:32 -0700 (PDT)
I have a Perl script that I want to run as a set-user-ID program. Many
OSes don't allow scripts run as set-user-ID. To make this script
portable, it seems I need to write a C wrapper program that calls exec
or system to give the Perl script the necessary effective permissions.
How can I make the C wrapper program secure? or "more" secure?
The Perl script, which is "-rwsr-xr-x root root" will look at the real
user id and then check a permissions file that is "-rw------- root
root" to determine if the real user can carry out the subcommand to
the script.
Is it futile to attempt to solve my problem with a C wrapper program
around a Perl script? Writing this particular program all in C is
appealing from a purity point of view but I was going to be just
gluing together a bunch of command line tools like wget, chmod, tar
and a parser for YAML. Writing it all in C seems like overkill. If I
write this all in C then I suppose I need to find good libraries to
emulate all of these features.
Any suggestions?
Thanks,
Peter
.
- Follow-Ups:
- Re: C set-user-ID program wrapper for Perl script and security
- From: Ian Collins
- Re: C set-user-ID program wrapper for Perl script and security
- From: Antoninus Twink
- Re: C set-user-ID program wrapper for Perl script and security
- Prev by Date: Re: char**
- Next by Date: Re: C set-user-ID program wrapper for Perl script and security
- Previous by thread: Re: Help with understanding this please
- Next by thread: Re: C set-user-ID program wrapper for Perl script and security
- Index(es):
Relevant Pages
|
