Operating System - HP-UX
1833712 Members
2013 Online
110063 Solutions
New Discussion

Disabling SET-ID error with a C - wrapper

 
Chern Jian Leaw
Regular Advisor

Disabling SET-ID error with a C - wrapper

Hi,

I obtained the following error when running a PERL script which takes an a text input file as its argument.
However, when executing the PERL script, the error message is obtained:

YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!

None of the outputs written in the original PERL script produced this output.

I have cheked that no SGID, SUID and sticky bits set within the filesystem which this script resides.

I tried writting a C wrapper function for the sake of trying it out. It goes as follows:

#include
#include
#include
#include
#include

int main(int argc, char* argv[]){
char ** myArray = (char**)malloc(10);
myArray[0]=(char*)malloc(50);
myArray[1]=(char*)malloc(50);
myArray[2]=NULL;

strcpy(myArray[0], "/pgadm1/adm/cleaw/script/read.pl");
strcpy(a[1], "/pgadm1/adm/cleaw/script/tt");
execv("/pgadm1/adm/cleaw/script/read.pl", a);
perror("execv");
exit(1);
}

The PERL script is a very elementary script:
#!/usr/bin/intel/perl
if(scalar @ARGV ==0){
print "Usage $0 "
exit(1);
}
$file = shift(@ARGV);
chomp($file);
$contents = `head -1 $file`;
print "\$contents = $contents \n";

The text file is as follows:
#cat pattern_file.txt
Hi this is a test
Bye

There is not SGID, SUID or sticky bit even set on the input file. All files have been set to permission mode 755.

Could anyone help me out with this problem?
Or is there anything wrong with the wrapper code which I'm unaware of?

Thanks


1 REPLY 1
Bill Hassell
Honored Contributor

Re: Disabling SET-ID error with a C - wrapper

The message:

YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!

is not part of HP-UX. Apparently, someone has put some sort of security package on your system which is interfering with your project. HP-UX can disable the execution of setUID programs and scripts with options to mount points such as /tmp and /home. However, if you were to disable setUID capability completely, you would never be able to login and many important programs will no longer run.


Bill Hassell, sysadmin