RES: apache mod_perl + suid question: msg#00236 (apache.mod-perl)
I think you can't get out of tainted mode under mod_perl.
You will have a big security role if you quit tainted mode.

Regards,
Vitor

-----Original Message-----
From: pandit_tushar@xxxxxxx [mailto:pandit_tushar@xxxxxxx]
Sent: Saturday, July 27, 2002 12:06
To: vsmori@xxxxxxxxxx; pandit_tushar@xxxxxxx; modperl@xxxxxxxxxxxxxxx
Subject: RE: apache mod_perl + suid question

Vitor,

The thing is also that I can run the wrapper from the command line without the -T switch, and I do succeed, i.e. the password does get changed. Seems like mod_perl by default has the taint mode on. How do I get rid of this taint mode from mod_perl?

At present I have the following "use" calls in mod_perl:

    use Apache::Constants qw(:common);
    use Apache::Debug();
    use CGI '-autoload';

Do I need to add something here or take out something from here to get rid of the tainted mode?

thanks.
-Tushar

-----Original Message-----
From: Vitor [mailto:vsmori@xxxxxxxxxx]
Sent: Friday, July 26, 2002 8:31 PM
To: pandit_tushar@xxxxxxx; modperl@xxxxxxxxxxxxxxx
Subject: RES: apache mod_perl + suid question

Tushar,

It's not recommended to run apache as root. (Security issues).

I have some applications that use the system command under mod_perl without problems.

Try to execute your wrapper script in command line. Execute it with /usr/bin/perl -T (tainted mode), that checks if your script is safe. If you got error results, you will know why it's not working.

$ret = `$wrapper` , also should work in your configuration (running apache as root).

Regards,
Vitor

-----Original Message-----
From: pandit_tushar@xxxxxxx [mailto:pandit_tushar@xxxxxxx]
Sent: Friday, July 26, 2002 20:13
To: vsmori@xxxxxxxxxx; modperl@xxxxxxxxxxxxxxx
Subject: RE: apache mod_perl + suid question

Thanks Vitor...

I have something very similar to what you mention below..only that I am taking the username and passwd from the apache gui. Then I encrypt the passwd and send that to wrapper (i.e. suid_file) script.

So I have something like system($wrapper), where $wrapper = suid_file.pl "encrypted passwd" "username".

I changed the suid_file to 4750 and have the ownership and group as root,root. I am also running Apache as root. I don't have httpd as a user or group. Do I need to?

Also do I need to use the system command, can't I just do $ret = `$wrapper` ?

thanks.
-Tushar

-----Original Message-----
From: Vitor [mailto:vsmori@xxxxxxxxxx]
Sent: Friday, July 26, 2002 7:04 PM
To: pandit_tushar@xxxxxxx; modperl@xxxxxxxxxxxxxxx
Subject: RES: apache mod_perl + suid question

Hello Tushar,

Try this :

    $suid_file = "file_path/suidfile.pl";
    $user      = "nobody";
    $passwd    = "kdsak";
    # system() returns 0 on success, so compare against 0 before dying
    system($suid_file, $user, $passwd) == 0
        or die "Error in suid operation $! ";

Note that suid_file needs the following commands :

- chmod 4750
- chown root:httpd

Regards,
Vitor

-----Original Message-----
From: pandit_tushar@xxxxxxx [mailto:pandit_tushar@xxxxxxx]
Sent: Friday, July 26, 2002 19:41
To: modperl@xxxxxxxxxxxxxxx
Subject: apache mod_perl + suid question

Hello,

I am trying to write a password changing program. For this I have a mod_perl subroutine from where I am trying to execute a perl script (with suid permissions 4711), which is a wrapper and in turn calls the usermod command on linux with the old and new passwords.

The problem I am having:

1: The usermod command doesn't get executed. I have tried debugging this...by having a log file (/usr/local/apache/logs) and the mod_perl process does open the wrapper script..but then does nothing. It does not execute the command.

What am I doing wrong? I know there might be some quirks with suid permissions and I would like to know how can I overcome this.

I have something like below from mod_perl subroutine:

    my $ret_val = `$wrapper`;

Within the wrapper perl script, I call usermod with the passwds by doing:

    $ret = `$usermondcmd 2>&1`

Any help would be much appreciated.

thanks a lot.
-Tushar
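Added example, not part of the original thread or of mod_perl itself: one way to call the wrapper from code that runs under taint mode, rather than trying to switch taint mode off. The wrapper path, the argument order (hash, then username) and both allow-list patterns are assumptions made for illustration.

```perl
# Run with: perl -T this_file.pl
use strict;
use warnings;

# Hypothetical absolute path; the thread only shows "file_path/suidfile.pl".
my $WRAPPER = '/usr/local/sbin/suidfile.pl';

# Under taint mode Perl refuses to run external programs while these
# environment variables still hold inherited (tainted) values.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# A value is untainted only by capturing it from a regex match, so the
# pattern is the validation: anchored, allow-list, bounded length.
sub untaint_username {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([a-z_][a-z0-9_-]{0,31})\z/ ? $1 : undef;
}

# Assumed shape of a crypt()-style hash: crypt alphabet plus '$' separators.
sub untaint_crypt_hash {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ m{\A([A-Za-z0-9./\$]{13,128})\z} ? $1 : undef;
}

sub change_password {
    my ($raw_user, $raw_hash) = @_;
    my $user = untaint_username($raw_user);
    my $hash = untaint_crypt_hash($raw_hash);
    return (0, 'rejected username') unless defined $user;
    return (0, 'rejected hash')     unless defined $hash;

    # List form with an explicit program: no shell ever parses the arguments,
    # unless a single interpolated string passed to system() or backticks.
    my $rc = system { $WRAPPER } $WRAPPER, $hash, $user;
    return (0, "could not execute wrapper: $!")  if $rc == -1;
    return (0, "wrapper failed, wait status $?") if $rc != 0;
    return (1, 'ok');
}

# Constructed inputs showing what the username allow-list accepts.
for my $candidate ('tushar', 'root; id', '../etc') {
    my $verdict = defined(untaint_username($candidate)) ? 'accepted' : 'rejected';
    printf "%-10s => %s\n", $candidate, $verdict;
}
```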