[vox-tech] Running a suid root perl script
Ken Herron
vox-tech@lists.lugod.org
Mon, 05 May 2003 13:43:34 -0700
--On Monday, May 05, 2003 11:37:20 -0700 Henry House
<hajhouse@houseag.com> wrote:
> #!/usr/bin/suidperl -T
> $ENV{'PATH'} = '/bin:/usr/bin';
> delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
> $ENV{'HOME'} = '/root';
> open(BOGOFILTER, "|ssh root\@mail.internal bogofilter -Nsv");
> while ($line = <STDIN>) { print BOGOFILTER $line }
> close(BOGOFILTER);
> exit

My guess is that you're being tripped up by the real ID being different
from the effective ID. Ssh is pretty strict about security and not
everything it checks is described in the documentation.

However, I would recommend you implement this process in another way. First
of all, the script will fail rather badly if the open() step fails for
any reason. Second, you're apparently using a general-purpose ssh key
which can be used to run any kind of command on the remote system, with
the script being the only protection. You should set up a special key
which can only be used to run "bogofilter -Nsv" on the remote host.
Third, there's no good reason to be using the root ID for this, at least
on the local side.

Personally I wouldn't have the user launching ssh interactively at all.
I'd probably just write the mail to a file in a directory somewhere, then
use a cron job to periodically copy the directory contents to the remote
system. Maybe you trust your users, but the script you've posted here
would make me nervous.

For example, bogofilter has to lock its wordlist files to guard against
simultaneous access. If bogofilter is part of the normal mail delivery
process, then someone running

    sleep 999999 | /usr/local/bin/spamlearn

might be able to halt normal mail delivery.

--
Kenneth Herron Kherron@newsguy.com 916-366-7338
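
The spool-and-cron layout with a single-purpose key suggested in the reply above, sketched as an added example; it is not code from the thread or from either poster. The spool path, key path, remote account, SEND_CMD and both function names are assumptions, and the public key in the comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed names: SPOOL_DIR,
# SPAMLEARN_KEY, REMOTE, SEND_CMD, spool_message, drain_spool.
#
# Assumed authorized_keys entry on the mail host for the dedicated key. The
# forced command means this key can run nothing except bogofilter -Nsv:
#   command="bogofilter -Nsv",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> spamlearn
#
# Assumption: users can write to SPOOL_DIR (e.g. a setgid group directory) and
# the unprivileged cron account that owns the key can read it. No root needed.

SPOOL_DIR="${SPOOL_DIR:-/var/spool/spamlearn}"
SPAMLEARN_KEY="${SPAMLEARN_KEY:-/etc/spamlearn/id_spamlearn}"
REMOTE="${REMOTE:-spamlearn@mail.internal}"
# What the cron job pipes each message into (overridable for offline testing).
SEND_CMD="${SEND_CMD:-ssh -T -i $SPAMLEARN_KEY -o BatchMode=yes $REMOTE}"

# User side: copy stdin into the spool. No ssh and no setuid are involved, so
# a stalled writer (sleep 999999 | ...) only ties up its own temp file and
# never holds bogofilter's wordlist lock on the mail host.
spool_message() {
    tmp=$(mktemp "$SPOOL_DIR/.tmp.XXXXXX") || return 1
    if cat > "$tmp" && [ -s "$tmp" ]; then
        chmod 640 "$tmp"
        # Rename within one directory is atomic: the cron job never sees a
        # half-written message, because it only matches msg.* names.
        mv "$tmp" "$SPOOL_DIR/msg.${tmp##*.tmp.}"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Cron side: feed each complete message to the remote bogofilter. A message is
# deleted only after the send succeeds; failures stay queued for the next run.
drain_spool() {
    failed=0
    for f in "$SPOOL_DIR"/msg.*; do
        [ -f "$f" ] || continue
        if $SEND_CMD < "$f" > /dev/null; then
            rm -f "$f"
        else
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}
```

Users would call spool_message from an unprivileged wrapper, and the cron account would source the same file and call drain_spool on a schedule.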