HPE Community
Operating System - HP-UX
1833712 Members
2013 Online
110063 Solutions
New Discussion

Disabling SET-ID error with a C - wrapper

 
Chern Jian Leaw
Regular Advisor

‎12-21-2002 12:21 AM

‎12-21-2002 12:21 AM

Disabling SET-ID error with a C - wrapper

Hi,

I obtained the following error when running a PERL script which takes an a text input file as its argument.
However, when executing the PERL script, the error message is obtained:

YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!

None of the outputs written in the original PERL script produced this output.

I have cheked that no SGID, SUID and sticky bits set within the filesystem which this script resides.

I tried writting a C wrapper function for the sake of trying it out. It goes as follows:

#include
#include
#include
#include
#include

int main(int argc, char* argv[]){
char ** myArray = (char**)malloc(10);
myArray[0]=(char*)malloc(50);
myArray[1]=(char*)malloc(50);
myArray[2]=NULL;

strcpy(myArray[0], "/pgadm1/adm/cleaw/script/read.pl");
strcpy(a[1], "/pgadm1/adm/cleaw/script/tt");
execv("/pgadm1/adm/cleaw/script/read.pl", a);
perror("execv");
exit(1);
}

The PERL script is a very elementary script:
#!/usr/bin/intel/perl
if(scalar @ARGV ==0){
print "Usage $0 "
exit(1);
}
$file = shift(@ARGV);
chomp($file);
$contents = `head -1 $file`;
print "\$contents = $contents \n";

The text file is as follows:
#cat pattern_file.txt
Hi this is a test
Bye

There is not SGID, SUID or sticky bit even set on the input file. All files have been set to permission mode 755.

Could anyone help me out with this problem?
Or is there anything wrong with the wrapper code which I'm unaware of?

Thanks
0 Kudos
Reply
1 REPLY 1
Bill Hassell
Honored Contributor

‎12-21-2002 06:29 AM

‎12-21-2002 06:29 AM

Re: Disabling SET-ID error with a C - wrapper

The message:

YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!

is not part of HP-UX. Apparently, someone has put some sort of security package on your system which is interfering with your project. HP-UX can disable the execution of setUID programs and scripts with options to mount points such as /tmp and /home. However, if you were to disable setUID capability completely, you would never be able to login and many important programs will no longer run.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.