Re: [programming] suidperl

Fri, 6 Aug 1999 07:13:01 -0700 

At 11:09 05-08-99 +0700, you wrote:
>> On Fri, Jul 30, 1999 at 06:23:44PM +0700, Priyadi Iman Nurcahyo wrote:
>> % saya punya program perl seperti ini:
>> %
>> % #!/usr/bin/perl
>> %
>> % $ENV{'PATH'} = "/usr/bin:/bin:/usr/local/bin";
>> % $ENV{SHELL} = '/bin/sh' if exists $ENV{SHELL};
>> % delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
>> % print "EUID: $>\nEGID: $)\n";
>> % print `id`;
>> %
>> % ownernya root.root, mode 6755 (setuid dan setgid nyala)...
>> % dari dokumentasi perl secara implisit dikatakan bahwa 'id' di akan
di-eksekusi
>> % atas nama root...
>> %
>> % tapi ternyata hasilnya:
>> % ~/tmp/ ./test.pl
>> % EUID: 0
>> % EGID: 0 501
>> % uid=501(priyadi) gid=501(priyadi) euid=0(root) egid=0(root)
groups=501(priyadi)
>> %
>> % sudah dicoba pakai system() dan exec(), hasilnya sama juga...

dari perlvar:

=====
The effective gid of this process. If you are on a machine that supports
membership in multiple groups simultaneously, gives a space separated list
of groups you are in. The first number is the one returned by getegid(), and
the subsequent ones by getgroups(), one of which may be the same as the
first number. 

Similarly, a value assigned to ``$)'' must also be a space-separated list of
numbers. The first number is used to set the effective gid, and the rest (if
any) are passed to setgroups(). To get the effect of an empty list for
setgroups(), just repeat the new effective gid; that is, to force an
effective gid of 5 and an effectively empty setgroups() list, say $) = "5 5". 
=====

jadi, kalo pengen ngilangin group privileges yang lainnya:

=====
#!/usr/bin/perl
$ENV{'PATH'} = "/usr/bin:/bin:/usr/local/bin";
$ENV{SHELL} = '/bin/sh' if exists $ENV{SHELL};
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$) =~ /(\d+)/, $) = "$1 $1";
print "EUID: $>\nEGID: $)\n";
print `id`;
=====

--sh


--------------------------------------------------------------------------------
Utk berhenti langganan, kirim email ke [EMAIL PROTECTED]
Informasi arsip di http://www.linux.or.id/milis.php3
Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
Hosted by http://www.Indoglobal.com

Kirim email ke