procmail

Re: Perl Scripts and Procmail 3.10

1996-12-20 13:18:05
On Fri, 20 Dec 1996, Michael Stolisov wrote:

    > How can I correct this problem, here's some detail:
    > 
    > .procmailrc
    > 
    >  :0 w
    >   * ^From:.*<someuser(_at_)domain(_dot_)com>
    >   | /usr/local/admin/program.pl
    > 
--> > Procmail is suid set.
    > 
    > Message generated from Procmail.
    > 
--> > Insecure $ENV{PATH} while running setuid at /dev/fd/3 line 60.
    > procmail: [27127] Fri Dec 20 09:51:45 1996
    > procmail: Program failure (255) of "/usr/local/admin/program.pl"
    > procmail: Assigning "LASTFOLDER=/usr/local/admin/program.pl"

The two lines marked '-->' are your primary clues.  Read the Perl
man page on security (ie: "man perlsec").

Basically, in a suid script, you must ensure that *all* data from
the outside world is secure.  

If you inherit any variables, such as PATH, and reference them, without
checking their values, they are insecure.  The two ways to "check" PATH:

Set its value (ie: do not inherit it).
    
    $ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/usr/bsd:/usr/local/bin';

Check its value:

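    @path = split(/:/,$ENV{'PATH'});
    @path = grep(!/\.\./,@path);        # remove all dot-dot paths
    @path = grep(!/tmp/,@path);         # no paths from any tmp dirs
    # untaint the survivors: only a regex capture clears Perl's taint flag
    @path = map { m{^(/[\w./-]*)$} ? $1 : () } @path;
    $ENV{'PATH'} = join(':',@path);     # put the survivors back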

In both cases, we've made the $ENV{'PATH'} value "secure", at
least according to Perl's notion of secureness.

G'luck.

___________________________________________________________
Alan Stebbens <aks(_at_)sgi(_dot_)com>      http://reality.sgi.com/aks
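
The following Perl filter is an added example, not code from the original message or from procmail: it applies both PATH approaches from the reply under taint mode, clears the other environment variables perlsec names, and untaints the sender address before handing it to an external program. The `clean_path` function name, the `/usr/bin/logger` helper and the `mailfilter` tag are assumptions.

```perl
#!/usr/bin/perl -T
# Added example: a filter for procmail to pipe mail into, written to pass
# Perl's taint checks when running setuid.
use strict;
use warnings;

# Keep only PATH entries that are absolute, free of "..", not under a tmp
# directory, and not group- or world-writable. The regex capture is what
# clears the taint flag; split/grep/join alone leave the data tainted.
sub clean_path {                      # hypothetical helper name
    my ($inherited) = @_;
    my @ok;
    for my $dir (split /:/, $inherited) {
        next if $dir =~ /\.\./ or $dir =~ /tmp/;
        next unless $dir =~ m{^(/[\w./-]*)\z};
        my $clean = $1;
        my @st = stat($clean) or next;     # skip directories that do not exist
        next if $st[2] & 022;              # group- or world-writable
        push @ok, $clean;
    }
    return join ':', @ok;
}

$ENV{'PATH'} = clean_path($ENV{'PATH'} // '');
$ENV{'PATH'} = '/bin:/usr/bin' if $ENV{'PATH'} eq '';   # fall back to a fixed value
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};               # also listed in perlsec

# Read the header block of the message supplied on STDIN.
my $sender;
while (my $line = <STDIN>) {
    last if $line =~ /^$/;                              # blank line ends the headers
    # Header data is tainted too; accept only a conservative address form.
    if ($line =~ /^From:.*?([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)/) {
        $sender = $1;
    }
}
exit 0 unless defined $sender;                          # no usable From header

# List-form system() does not invoke a shell, so the address is passed as a
# single argument. /usr/bin/logger is an assumed helper program.
system('/usr/bin/logger', '-t', 'mailfilter', "mail from $sender") == 0
    or die "logger failed: $?\n";
```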
