Perl and Suid

I spent all morning trying to figure out why my Perl script wasn't working as SUID. I'm using Net::Ping which, if you want to make an ICMP ping packet, requires you to be root. So I made the script setuid but it was still complaining that it wasn't root. So I did some research and found this:

Setuid Scripts Don't Seem to Work

That's right. This feature has been disabled in the Linux kernel on purpose, because setuid scripts are almost always a security hole. Sudo and SuidPerl can provide more security than setuid scripts or binaries, especially if execute permissions are limited to a certain user ID or group ID.

If you want to know why setuid scripts are a security hole, read the FAQ for comp.unix.questions.

So I just ended up using suidperl. Funky stuff!
Leave A Reply
All content licensed under the Creative Commons License