Running $ORIGIN linked binaries from setuid scripts on linux

Posted by drscroogemcduck on Server Fault See other posts from Server Fault or by drscroogemcduck
Published on 2010-04-22T12:28:54Z Indexed on 2012/09/03 15:40 UTC
Read the original article Hit count: 279

Filed under:

I'm using suidperl to run some programs that require root permissions. however, the runtime linker won't expand library paths which contain $ORIGIN entries so the programs i want to run (jstack from java) won't run.

more info here

There is one exception to the advice to make heavy use of $ORIGIN. The runtime linker will not expand tokens like $ORIGIN for secure (setuid) applications. This should not be a problem in the vast majority of cases.

my program looks something like this:

#!/usr/bin/perl
$ENV{PATH} = "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/java/jdk1.6.0_12/bin:/root/bin";
$ENV{JAVA_HOME} = "/usr/java/jdk1.6.0_12";
open(FILE, '/var/run/kil.pid');
$pid = <FILE>;
close(FILE);
chomp($pid);
if ($pid =~ /^(\d+)/) {
 $pid = $1;
} else {
  die 'nopid';
}

system( "/usr/java/jdk1.6.0_12/bin/jstack", "$pid");

is there any way to fork off a child process in a way so that the linker will work correctly.

© Server Fault or respective owner

Related posts about linux