How to enable suidperl in Debian wheezy?

问题

I have a Perl script which is owned by root and have setuid.

In this script I am changing the owner of a file passed as argument.

But on running this script I am getting

chown: changing ownership of `file': Operation not permitted

Someone told me script with setuid run with suidperl by default if it is enable.

But I don't think so that is happening in my case.

Can anyone help me in this matter? I am using Debian wheezy. My Perl version is 5.14.2. I tried

apt-get install perl-suid

but it did not work.

apt-cache search perl

gave me no candidate related to suid in Perl.

This is my Perl program

#! /usr/bin/perl -T

use Cwd 'abs_path';

sub check_path {
  my $file = $_[0];

  $file = abs_path($file);
  if ($file =~ /^\/home\/abc\/dir1\//) {
    return 1;
  }
  else {
    return 0;
    print("You can only update permissions for files inside /home/abc/dir1/ directory\n");
  }
}

if (@ARGV == 1) {
  if (&check_path($ARGV[0]) == 1) {
    $ENV{PATH} = "/bin:/usr/bin";
    my $command = "chown abc:abc " . $ARGV[0];
    if ($command =~ /^(.*)$/) {
      $command = $1;
    }

    $result = `$command`;
  }
}
elsif ((@ARGV == 2) && ($ARGV[0] eq "-R")) {
  if (&check_path($ARGV[1]) == 1) {
    $ENV{PATH} = "/bin:/usr/bin";
    my $command = "chown -R abc:abc " . $ARGV[1];
    if ($command =~ /^(.*)$/) {
      $command = $1;
    }
    $result = `$command`;
  }
}
else {
  print("Sorry wrong syntax. Syntax: perl /home/abc/sbin/update_permission.pl [-R] file_path");
}

回答1:

It's probably too late for you, but I had the same problem and used the following simple C wrapper (shamelessly taken from http://www.blyberg.net/downloads/suid-wrapper.c):

#include <unistd.h>
#include <errno.h>

main( int argc, char ** argv, char ** envp )
{
    if( setgid(getegid()) ) perror( "setgid" );
    if( setuid(geteuid()) ) perror( "setuid" );
    envp = 0; /* blocks IFS attack on non-bash shells */
    system( "/path/to/bash/script", argv, envp );
    perror( argv[0] );
    return errno;
}

Replace the path in the C code with the path to your script, compile with

gcc -o suid-wrapper suid-wrapper.c

and set the permissions with

chmod 6755 suid-wrapper

suidperl ist no longer an option, it has been removed without replacement in perl 5.12 (see perl5120delta, i.e. http://search.cpan.org/~shay/perl-5.20.2/pod/perl5120delta.pod).

来源：https://stackoverflow.com/questions/21663217/how-to-enable-suidperl-in-debian-wheezy