On 2/26/04 11:24 AM, "Sherm Pendley" <[EMAIL PROTECTED]> wrote:
#!/usr/bin/perl
use warnings; use strict;
system 'killall -KILL pppd';
Now the only problem is that 'pppd' a process owned by root. Should my script be run as 'root'? That sounds kind of dangerous!
It can be dangerous to do things as root, yes. But the above takes no input at all, and does only one thing, so it's fairly safe.
it be done? When at the Terminal I have to 'sudo kill' and the get asked my
password. How would I do a 2 step process from 1 perl script?
I had intended to describe how to set the permissions on the script to make it suid. On the UNIX systems I've used in the past, that's how you'd do this - you'd change ownership of the script file to 'root', make it execute-only for anyone else, and then set the suid bit in the permissions, so that when the ran it would run as 'root' instead of as the user that ran it.
When I tried running a script that way, though, I got an error message that indicated that suid scripts aren't allowed in Darwin. That's not altogether unheard-of, because they *do* pose a security risk. If an attacker somehow contrived to replace a script interpreter such as /usr/bin/perl without gaining root access, an suid script would then allow the replacement interpreter to run as root.
Suid binaries are allowed, though, because they don't rely on an external interpreter to run them. Create a "killpppd.c" file with the following:
#include <stdlib.h>
int main(argc, argv) {
system("/usr/bin/killall -KILL pppd");
}Compile it:
gcc -o killpppd killpppd.c
Then set the permissions on the resulting "killpppd" file, and make it suid:
sudo chown root ./killpppd sudo chmod go-rw ./killpppd sudo chmod u+s ./killpppd
Now, whenever you run "killpppd", it will run as root without you have to sudo. You could even call "killpppd" from Perl; the restriction on suid scripts applies only to the scripts themselves, not to whatever sub-processes they might launch.
sherm--
