Re: [Speedycgi-users] SpeedyCGI and Perl 5.8.4
Brought to you by:
samh
Menu
▾
▴
Re: [Speedycgi-users] SpeedyCGI and Perl 5.8.4
|
From: Chung-Kie T. <tu...@tu...> - 2004-06-08 08:08:06
|
Hi, After doing more detailed tests, I found all the problems only happen with setuid programs. The setuid script I used to do test is ----------------------------------------------------- #!/usr/local/bin/speedy_suid -T -- -T/var/run/speedy print "pid=$$, ruid=$<, euid=$>\n"; ----------------------------------------------------- And this setuid script could be executed only if 1. the interpreter has the string 'perl' in its filename 2. no argument at all (either '-T' for interpreter or '-- -T/var/run/speedy' for speedy will cause argument mismatch error) ----------------------------------------------------- #!/usr/local/bin/speedy_suidperl print "pid=$$, ruid=$<, euid=$>\n"; ----------------------------------------------------- The good news is we have to rename speedy_suid only, the bad news is we can't do taint check with -T. Best Regards. tung -- Distributed System Laboratory (http://dslab.ee.ncku.edu.tw) Department of Electrical Engineering National Cheng Kung University, Tainan, Taiwan, R.O.C. |
