Hi there,

I wrote the Perl script included below, to facilitate version control when
hacking configuration files, using RCS. It creates a directory in /root to
store the rcsfiles in (convenient for backing up), creates a symlink called
RCS to that directory, and does a check in.

Currently, I use this only as root, but I want other users to be able to use
it as well (which would mean that I have to make it suid-root, since I don't
want to give just anybody write permissions to these directories). They just
might screw up my precious backups :)

Any suggestions as to what I could change to improve the security of the
suid version of this script??

Thanks a lot in advance

Groetjes,

Kees-Jan


-- Perl script follows -----------------------------------------------
#!/usr/bin/perl -w

$ROOTDIR="/root/config";

lstat "RCS";
if ( !-e _ )
{
  # RCS doesn't exist
  print "$0: RCS doesn't (yet) exist.\n";
  $curdir = `pwd`;
  chop $curdir;
  print "$0: Current directory ", $curdir, "\n";
  print "$0: Creating symlink...\n";
  (symlink "$ROOTDIR$curdir", "RCS") || die "$0: Can't create symlink\n";
  print "$0: Creating directory\n";
  ! ((system "mkdirhier $ROOTDIR$curdir") >> 8) ||
    die "$0: Can't create directory\n";
  print "$0: Done creating directory...\n";
  print "$0: Setting permissions right...\n";

  ( @stats = stat(".") ) || die "$0: Can't stat current directory\n";

  $mode = $stats[2];
  $uid  = $stats[4];
  $gid  = $stats[5];

  chown($uid, $gid, "RCS/") || die "$0: Can't change owner of RCS\n";
  chmod($mode, "RCS/") || die "$0: Can't change mode of RCS\n";
}

if ( ! -d "RCS" )
{
  die "$0: RCS is not a directory\n";
}

if ( @ARGV)
{
  @found = @ARGV;
  @notfound = ();
}
else
{
  print "No command line arguments. Checking in everything...\n";
  @found = ();
  @notfound = ();
  while ( <RCS/*,v> )
    {
      s/RCS\/(.*),v/$1/;
      if ( -f $_ )
      {
        push @found, $_;
      }
      else
      {
        push @notfound, $_;
      }
    }
}
  
if ( @found )
{
  $files = join(" ", @found);
  $result = system("ci -l $files") >> 8;
}
else
{
  $result = 0;
}


if ( @notfound )
{
    print "$0: Couldn't find the following files: ", 
           join (" ", @notfound), "\n";
}

if ($result)
{
  print "$0: There were errors!\n";
}
else
{
  print "$0: Everything went fine\n";
}
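
The two shell calls in the script above (`system "mkdirhier $ROOTDIR$curdir"` and `system("ci -l $files")`) hand the working directory and the file names to a shell running as root. The following is an added example, not part of the original message, showing those calls hardened for setuid use. The path /usr/bin/ci is an assumption, and safe_name, safe_cwd, make_store and check_in are hypothetical helper names.

```perl
#!/usr/bin/perl -wT
# Added example, not the poster's script. Run as ./script or "perl -T script".
use strict;
use Cwd qw(getcwd);
use File::Path qw(mkpath);

# A setuid script inherits the caller's environment; pin it before any exec.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $ROOTDIR = '/root/config';
my $CI      = '/usr/bin/ci';    # assumed location of the RCS ci binary

# Accept only plain names in the current directory: no slash, no leading
# dash (ci would read it as an option), no leading dot, no whitespace or
# shell metacharacters. The capture also untaints the value under -T.
sub safe_name {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.+-]*)\z/ ? $1 : undef;
}

# Untaint the working directory: absolute, conservative characters, no "." or "..".
sub safe_cwd {
    my $cwd = getcwd();
    defined $cwd or die "$0: Can't determine current directory\n";
    $cwd =~ m{\A((?:/[A-Za-z0-9_.+-]+)+)\z} or die "$0: Unsafe directory name\n";
    my $clean = $1;
    die "$0: Unsafe directory name\n" if $clean =~ m{/\.\.?(?:/|\z)};
    return $clean;
}

# Replaces system "mkdirhier ...": no shell involved, dies on failure.
sub make_store {
    my $dir = $ROOTDIR . safe_cwd();
    mkpath($dir, 0, 0700);
    return $dir;
}

# List-form system: ci is exec'd directly, so no shell parses the names.
sub check_in {
    my @files = grep { defined } map { safe_name($_) } @_;
    return 0 unless @files;
    return system($CI, '-l', @files) >> 8;
}

# Constructed sample input: only "hosts" passes validation.
my @sample = ('hosts', '-x', 'a b', '../shadow', 'x;y');
print join(',', grep { defined } map { safe_name($_) } @sample), "\n";
```

As written the block only prints the names that pass validation; make_store and check_in are defined but not called, so running it creates nothing under /root.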

