Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Perl: porters

[perl #33159] Setuid script not plain file -error message

 

 

Perl porters RSS feed   Index | Next | Previous | View Threaded


perlbug-followup at perl

Dec 22, 2004, 1:43 PM

Post #1 of 4 (232 views)
Permalink
[perl #33159] Setuid script not plain file -error message

# New Ticket Created by erik [at] vontaene
# Please include the string: [perl #33159]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org:80/rt3/Ticket/Display.html?id=33159 >



This is a bug report for perl from erik [at] vontaene,
generated with the help of perlbug 1.35 running under perl v5.8.4.


-----------------------------------------------------------------
I recently had the problem of having the error message
"Setuid script not plain file"
with every perl script I used.
However after a _really_ long time I found out what the problem was:
For some reason - no I don't know - /dev/null what set suid.
I don't want to write a long story here so just this:
can you please more verbose output to your error messages?
Just like - in this case _which_ file is set suid.
Would be really nice.

thanks,
Erik Andresen


[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=wishlist
---
Site configuration information for perl v5.8.4:

Configured by Debian Project at Mon Oct 25 01:52:37 EST 2004.

Summary of my perl5 (revision 5 version 8 subversion 4) configuration:
Platform:
osname=linux, osvers=2.4.27-ti1211, archname=i386-linux-thread-multi
uname='linux kosh 2.4.27-ti1211 #1 sun sep 19 18:17:45 est 2004 i686 gnulinux '
config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i386-linux -Dprefix=/usr -Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.8.4 -Dsitearch=/usr/local/lib/perl/5.8.4 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dlibperl=libperl.so.5.8.4 -Dd_dosuid -des'
hint=recommended, useposix=true, d_sigaction=define
usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2',
cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -I/usr/local/include'
ccversion='', gccversion='3.3.5 (Debian 1:3.3.5-1)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='cc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
perllibs=-ldl -lm -lpthread -lc -lcrypt
libc=/lib/libc-2.3.2.so, so=so, useshrplib=true, libperl=libperl.so.5.8.4
gnulibc_version='2.3.2'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:


---
@INC for perl v5.8.4:
/etc/perl
/usr/local/lib/perl/5.8.4
/usr/local/share/perl/5.8.4
/usr/lib/perl5
/usr/share/perl5
/usr/lib/perl/5.8
/usr/share/perl/5.8
/usr/local/lib/site_perl
.

---
Environment for perl v5.8.4:
HOME=/home/erik
LANG=de_DE [at] eur
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
PERL_BADLANG (unset)
SHELL=/bin/bash


rgarciasuarez at mandrakesoft

Dec 23, 2004, 9:53 AM

Post #2 of 4 (252 views)
Permalink
Re: [perl #33159] Setuid script not plain file -error message [In reply to]

erik [at] vontaene (via RT) wrote:
> I recently had the problem of having the error message
> "Setuid script not plain file"
> with every perl script I used.
> However after a _really_ long time I found out what the problem was:
> For some reason - no I don't know - /dev/null what set suid.

The fact that perl stats /dev/null sounds like a bug to me.
Not sure why it happens. Needs investigation.

> I don't want to write a long story here so just this:
> can you please more verbose output to your error messages?
> Just like - in this case _which_ file is set suid.
> Would be really nice.

Before we figure out what happens, I at least documented the error:

Change 23672 by rgs [at] gruber on 2004/12/23 17:21:37

The "Setuid script not plain file" error wasn't documented.

Affected files ...

... //depot/perl/pod/perldiag.pod#393 edit

Differences ...

==== //depot/perl/pod/perldiag.pod#393 (text) ====

@@ -3500,6 +3500,11 @@
(F) The setuid emulator won't run a script that is writable by the
world, because the world might have written on it already.

+=item Setuid script not plain file
+
+(F) The setuid emulator won't run a script that isn't read from a file,
+but from a socket, a pipe or another device.
+
=item shm%s not implemented

(F) You don't have System V shared memory IPC on your system.

--
A seventh gravedigger came beside Mr Bloom to take up an idle spade.
-- Ulysses


nick at ccl4

Apr 30, 2012, 8:38 AM

Post #3 of 4 (119 views)
Permalink
Re: [perl #33159] Setuid script not plain file -error message [In reply to]

On Mon, Apr 30, 2012 at 05:57:01AM -0700, Father Chrysostomos via RT wrote:
> On Sun Apr 29 19:11:45 2012, Hugmeir wrote:
> > On Thu Dec 23 09:52:19 2004, rgarciasuarez [at] mandrakesoft wrote:
> > > erik [at] vontaene (via RT) wrote:
> > > > I recently had the problem of having the error message
> > > > "Setuid script not plain file"
> > > > with every perl script I used.
> > > > However after a _really_ long time I found out what the problem was:
> > > > For some reason - no I don't know - /dev/null what set suid.
> > >
> > > The fact that perl stats /dev/null sounds like a bug to me.
> > > Not sure why it happens. Needs investigation.

It's the long-standing internal hack that -e still requires a real file
handle. (Which I think I now can see a way to avoid)

> > Looks like this error was removed at some point in the 5.8 series (it's
> > not present in 5.8.8), so I vote to close this.

It's still present in 5.8.8 and 5.8.9. It's gone now.

> Even though that particular error was removed, one must ask: Does perl
> do anything with the suid bit any more?
>
> Just for the record, I suspect that -e was causing this, as it does
> funny things with /dev/null.

(gdb) r
Starting program: /home/nick/Perl/perl3/perl -e0

Breakpoint 1, 0x000000000053e7f0 in fstat64 ()
(gdb) where
#0 0x000000000053e7f0 in fstat64 ()
#1 0x0000000000422d2b in S_validate_suid (validarg=0x7fffffffe89c "-e0",
scriptname=0x53f107 "/dev/null") at perl.c:3386
#2 0x000000000041e856 in S_parse_body (env=0x0, xsinit=0x41ac57 <xs_init>)
at perl.c:1630
#3 0x000000000041db2c in perl_parse (my_perl=0x77d010,
xsinit=0x41ac57 <xs_init>, argc=2, argv=0x7fffffffe658, env=0x0)
at perl.c:1270
#4 0x000000000041ac14 in main (argc=2, argv=0x7fffffffe658,
env=0x7fffffffe670) at perlmain.c:84
(gdb) up
#1 0x0000000000422d2b in S_validate_suid (validarg=0x7fffffffe89c "-e0",
scriptname=0x53f107 "/dev/null") at perl.c:3386
3386 if (PerlLIO_fstat(PerlIO_fileno(PL_rsfp),&PL_statbuf) < 0) /* normal stat is insecure */

which is here:

#ifdef DOSUID
char *s, *s2;

if (PerlLIO_fstat(PerlIO_fileno(PL_rsfp),&PL_statbuf) < 0) /* normal stat is insecure */
Perl_croak(aTHX_ "Can't stat script \"%s\"",PL_origfilename);
if (PL_statbuf.st_mode & (S_ISUID|S_ISGID)) {


and then it continues:

3388 if (PL_statbuf.st_mode & (S_ISUID|S_ISGID)) {
(gdb) n
3480 if (!S_ISREG(PL_statbuf.st_mode)) {
(gdb)
3481 Perl_croak(aTHX_ "Setuid script not plain file\n");


So, yes, it's a crazy interaction between the -e implementation and DOSUID.
It's not a problem without DOSUID, and as DOSUID was removed for 5.12, I'll
close this bug.

Nicholas Clark

PS Yes, I did remember to sudo chmod u-s /dev/null


nick at ccl4

Apr 30, 2012, 8:43 AM

Post #4 of 4 (103 views)
Permalink
Re: [perl #33159] Setuid script not plain file -error message [In reply to]

On Mon, Apr 30, 2012 at 04:38:44PM +0100, Nicholas Clark wrote:

> So, yes, it's a crazy interaction between the -e implementation and DOSUID.
> It's not a problem without DOSUID, and as DOSUID was removed for 5.12, I'll
> close this bug.

Although, we never did what the the original bug reporter requested, which
was to update the error message to be more informative.

Nicholas Clark

Perl porters RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.