Setuid to Perl script

I am using a Perl script to delete data from sendmail's mqueue folder.

When I setuid the Perl script and try to run it as a user, it raises this message:

 Insecure dependency in chdir while running setuid at /file/find 

How can I solve this and successfully run the script with root privileges?

    #!/usr/bin/perl

    use strict;

    my $qtool = "/usr/local/bin/qtool.pl";
    my $mqueue_directory = "/var/spool/mqueue";
    my $messages_removed = 0;

    use File::Find;

    # Recursively find all files and directories in $mqueue_directory
    find(\&wanted, $mqueue_directory);

    sub wanted {

        # Is this a qf* file?
        if ( /^qf(\w{14})/ ) {
            my $qf_file = $_;
            my $queue_id = $1;
            my $deferred = 0;
            my $from_postmaster = 0;
            my $delivery_failure = 0;
            my $double_bounce = 0;

            # Three-argument open: the file name is never parsed as a mode or pipe
            open (QF_FILE, '<', $_) or return;
            while(<QF_FILE>) {
                $deferred = 1 if ( /^MDeferred/ );
                $from_postmaster = 1 if ( /^S<>$/ );
                $delivery_failure = 1 if
                    ( /^H\?\?Subject: DELIVERY FAILURE: (User|Recipient)/ );
                if ( $deferred && $from_postmaster && $delivery_failure ) {
                    $double_bounce = 1;
                    last;
                }
            }
            close (QF_FILE);

            if ($double_bounce) {
                print "Removing $queue_id...\n";
                system "$qtool", "-d", $qf_file;
                $messages_removed++;
            }
        }
    }

    print "\n$messages_removed total \"double bounce\" message(s) removed from ";
    print "mail queue.\n";

Solutions collected from the web for "Setuid to Perl script"

"Insecure dependency" is a taint thing: http://perldoc.perl.org/perlsec.html.

Because you are running the script setuid, taint checking is being enforced. You need to specify untaint as an %options key to File::Find:

http://metacpan.org/pod/File::Find

    my %options = ( wanted => \&wanted, untaint => 1 );

    find(\%options, $mqueue_directory);

You should also look at untaint_pattern in the POD for File::Find.

You should build a program wrapper. On almost any Unix system, a script cannot gain root privileges through the SetUID bit. You can find some useful examples here: http://www.tuxation.com/setuid-on-shell-scripts.html
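
A small C wrapper of the kind the last answer recommends, as an added example that is not part of the original answers or of the linked page: it ignores caller arguments, passes a fixed environment, refuses to run a script that non-root users could modify, and starts perl with -T. The SCRIPT path and the trusted_target helper are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700   /* expose POSIX declarations under strict -std modes */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed paths: adjust to where perl and the queue-cleaning script live. */
#define PERL   "/usr/bin/perl"
#define SCRIPT "/usr/local/sbin/clean_mqueue.pl"   /* hypothetical name */

/* Fixed environment handed to perl; nothing is inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Trust the target only if it is a regular file owned by root that neither
 * group nor others can write; otherwise whoever can edit it gets root
 * through this wrapper. Its directory must be root-owned as well. */
int trusted_target(const struct stat *st)
{
    return S_ISREG(st->st_mode)
        && st->st_uid == 0
        && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* main(void): command-line arguments from the caller are deliberately ignored. */
int main(void)
{
    struct stat st;
    /* -T keeps taint checks on even though real and effective uid match below. */
    char *const args[] = { PERL, "-T", SCRIPT, NULL };

    if (stat(SCRIPT, &st) != 0 || !trusted_target(&st)) {
        fprintf(stderr, "refusing to run %s: not a root-owned, protected file\n", SCRIPT);
        return 1;
    }
    /* Make the real ids root too, so programs the script starts (qtool.pl)
     * see one consistent identity. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    execve(PERL, args, CLEAN_ENV);
    perror("execve");   /* reached only if execve failed */
    return 1;
}
```

Install the compiled binary root-owned with mode 4755 and leave the Perl script itself without the setuid bit.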