HPE Community
Operating System - HP-UX
1832973 Members
2576 Online
110048 Solutions
New Discussion

YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!

 
Sreenivas_1
Occasional Advisor

‎12-31-2002 08:52 PM

‎12-31-2002 08:52 PM

YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!

Hi I am trying to run some PERL script.
The file permissions are uesr1:group1 with 2500.
If i am running the script as user1 i am not getting any error. If i try to run this script the following error message is coming:
"YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP! "

Please let me know what to be done to get rid of the above error message.
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎12-31-2002 10:21 PM

‎12-31-2002 10:21 PM

Re: YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!

That script has security code in it and is pointing out a security flaw in your system.

If it means setuid, suid, its a program like passwd that gives temporary root access.

If you do this to the wrong proram, you might as well let the nefarious hacker drive an M1A1 Abrams tank through your system.

You need a thorough secuirty review on this system.

I'd start with security_patch_check a free utility from hp.

For a more thorough review, try Bastille, an open source port, also available from HP.

It will tune up your system rather nicely.

I do not believe your message is coming from the os, I think its coming from the script. You might want to read it, even post it up here.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎12-31-2002 11:06 PM

‎12-31-2002 11:06 PM

Re: YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!

Stephen is correct, that message is definitely NOT coming from HP-UX. Have a look at the PERL script itself and I can almost guarantee that you will see that message in the script somewhere.

If I saw that message, I would then inspect that script VERY VERY CLOSELY to make sure it is doing what you think it is doing as the programmer doesn't know HP-UX very well.

The clue is the "SET-ID". The correct term is SETUID scripts. Also, there is no way I know of to disable setuid scripts in the "kernel". It can be done via /etc/fstab options, but not via the kernel itself.

I personally would not trust this script at all. Just reading that message gives me a funny feeling that something may be going on with the script that you do not know about. Maybe I'm just paranoind, but aren't we, as sys admins, paid to be?
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

‎12-31-2002 11:35 PM

‎12-31-2002 11:35 PM

Re: YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!

This definately is not HPUX error. It looks like you are running some security program which is interfering from setting GID(SET-GID). Because i cant see disabling SET-ID in Kernel, because if you disable that no one would be really able to login into the system.

Rajeev
0 Kudos
Reply
Sreenivas_1
Occasional Advisor

‎01-01-2003 12:41 AM

‎01-01-2003 12:41 AM

Re: YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!

Hi, It is not coming from the OS and also not part of the perl script. It is thrown by the PERL interprter itself. This can be seen by man. man perldiag.

Thanks
Sreenivas.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.