Hi, I'm having problems running Perl scripts that use IPTables::IPv4 via a suid
wrapper. Right now, for debugging reasons, I'm not using any kernel hardening (like
Grsecurity or PaX), but my system was emerged with the "hardened" and "pic" USE flags
- could that be the problem?
Thanks for any help.
Jan
Here's what's going on:
root # cat test.pl
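#!/usr/bin/perl
use strict;
use warnings;
use IPTables::IPv4;

# Open a handle on the kernel's 'filter' table.  init() returns undef on
# failure; the strace further down this thread shows the underlying failing
# call is socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = EPERM when run as an
# unprivileged user through the wrapper, i.e. the process lacks CAP_NET_RAW.
my $table = IPTables::IPv4::init('filter');

# Report $! alongside the message so the OS error (EPERM above) is visible
# instead of a bare "cannot initialize" — assuming the XS code leaves errno
# intact, which the strace suggests.
die "cannot initialize filter table: $!" unless defined $table;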
root # cat wrap.c
#include <stdio.h>
#include <unistd.h>
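/*
 * Setuid wrapper that replaces itself with the Perl script.
 *
 * Two things a reviewer should not let stand in a suid wrapper: the script
 * path is relative to the caller's current directory, and the caller's
 * environment (PATH, PERL5LIB, ...) is passed through to perl unchanged.
 * Use an absolute path and a sanitized environment before relying on this
 * outside of debugging.
 */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    /* execl wants arg0 followed by a NULL pointer terminator.  The original
     * passed a bare 0 as the only element: that gives the script no argv[0],
     * and an int 0 is not a portable substitute for (char *)NULL in a
     * variadic call. */
    execl("./test.pl", "test.pl", (char *)NULL);

    /* execl only returns on failure; report errno and exit non-zero rather
     * than silently returning 0. */
    perror("execl ./test.pl");
    return 1;
}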
root # gcc -o wrap wrap.c
root # chmod u+s wrap
root # ./wrap
root # su - joe
joe $ ./wrap
cannot initialize filter table! at ./test.pl line 6.
joe $ strace ./wrap
...
stat64("/etc/perl/auto/IPTables/IPv4", 0x80118740) = -1 ENOENT (No such file or
directory)
stat64("/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IPTables/IPv4", 0x80118740)
= -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/site_perl/5.8.6/auto/IPTables/IPv4", 0x80118740) = -1
ENOENT (No such file or directory)
stat64("/usr/lib/perl5/site_perl/auto/IPTables/IPv4", 0x80118740) = -1 ENOENT (No
such file or directory)
stat64("/usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/IPTables/IPv4",
{st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat64("/usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/IPTables/IPv4/IPv4.so",
{st_mode=S_IFREG|0555, st_size=67624, ...}) = 0
stat64("/usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/IPTables/IPv4/IPv4.bs",
{st_mode=S_IFREG|0444, st_size=0, ...}) = 0
open("/usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/IPTables/IPv4/IPv4.so",
O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\'\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0555, st_size=67624, ...}) = 0
mmap2(NULL, 69972, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x40203000
mmap2(0x40213000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,
4, 0xf) = 0x40213000
close(4) = 0
mprotect(0x40203000, 65536, PROT_READ|PROT_WRITE) = 0
mprotect(0x40203000, 65536, PROT_READ|PROT_EXEC) = 0
read(3, "", 4096) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = -1 EPERM (Operation not permitted)
write(2, "cannot initialize filter table! "..., 53cannot initialize filter table!
at ./test.pl line 6.
) = 53
exit_group(1) = ?
--
gentoo-perl@g.o mailing list