Mailing List Archive

[perl #33159] Setuid script not plain file -error message
# New Ticket Created by erik@vontaene.de
# Please include the string: [perl #33159]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org:80/rt3/Ticket/Display.html?id=33159 >



This is a bug report for perl from erik@vontaene.de,
generated with the help of perlbug 1.35 running under perl v5.8.4.


-----------------------------------------------------------------
I recently had the problem of having the error message
"Setuid script not plain file"
with every perl script I used.
However after a _really_ long time I found out what the problem was:
For some reason - no I don't know - /dev/null what set suid.
I don't want to write a long story here so just this:
can you please more verbose output to your error messages?
Just like - in this case _which_ file is set suid.
Would be really nice.

thanks,
Erik Andresen


[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=wishlist
---
Site configuration information for perl v5.8.4:

Configured by Debian Project at Mon Oct 25 01:52:37 EST 2004.

Summary of my perl5 (revision 5 version 8 subversion 4) configuration:
Platform:
osname=linux, osvers=2.4.27-ti1211, archname=i386-linux-thread-multi
uname='linux kosh 2.4.27-ti1211 #1 sun sep 19 18:17:45 est 2004 i686 gnulinux '
config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i386-linux -Dprefix=/usr -Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.8.4 -Dsitearch=/usr/local/lib/perl/5.8.4 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dlibperl=libperl.so.5.8.4 -Dd_dosuid -des'
hint=recommended, useposix=true, d_sigaction=define
usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2',
cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -I/usr/local/include'
ccversion='', gccversion='3.3.5 (Debian 1:3.3.5-1)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='cc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
perllibs=-ldl -lm -lpthread -lc -lcrypt
libc=/lib/libc-2.3.2.so, so=so, useshrplib=true, libperl=libperl.so.5.8.4
gnulibc_version='2.3.2'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:


---
@INC for perl v5.8.4:
/etc/perl
/usr/local/lib/perl/5.8.4
/usr/local/share/perl/5.8.4
/usr/lib/perl5
/usr/share/perl5
/usr/lib/perl/5.8
/usr/share/perl/5.8
/usr/local/lib/site_perl
.

---
Environment for perl v5.8.4:
HOME=/home/erik
LANG=de_DE@euro
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
PERL_BADLANG (unset)
SHELL=/bin/bash
Re: [perl #33159] Setuid script not plain file -error message [ In reply to ]
erik@vontaene.de (via RT) wrote:
> I recently had the problem of having the error message
> "Setuid script not plain file"
> with every perl script I used.
> However after a _really_ long time I found out what the problem was:
> For some reason - no I don't know - /dev/null what set suid.

The fact that perl stats /dev/null sounds like a bug to me.
Not sure why it happens. Needs investigation.

> I don't want to write a long story here so just this:
> can you please more verbose output to your error messages?
> Just like - in this case _which_ file is set suid.
> Would be really nice.

Before we figure out what happens, I at least documented the error:

Change 23672 by rgs@grubert on 2004/12/23 17:21:37

The "Setuid script not plain file" error wasn't documented.

Affected files ...

... //depot/perl/pod/perldiag.pod#393 edit

Differences ...

==== //depot/perl/pod/perldiag.pod#393 (text) ====

@@ -3500,6 +3500,11 @@
(F) The setuid emulator won't run a script that is writable by the
world, because the world might have written on it already.

+=item Setuid script not plain file
+
+(F) The setuid emulator won't run a script that isn't read from a file,
+but from a socket, a pipe or another device.
+
=item shm%s not implemented

(F) You don't have System V shared memory IPC on your system.

--
A seventh gravedigger came beside Mr Bloom to take up an idle spade.
-- Ulysses
Re: [perl #33159] Setuid script not plain file -error message [ In reply to ]
On Mon, Apr 30, 2012 at 05:57:01AM -0700, Father Chrysostomos via RT wrote:
> On Sun Apr 29 19:11:45 2012, Hugmeir wrote:
> > On Thu Dec 23 09:52:19 2004, rgarciasuarez@mandrakesoft.com wrote:
> > > erik@vontaene.de (via RT) wrote:
> > > > I recently had the problem of having the error message
> > > > "Setuid script not plain file"
> > > > with every perl script I used.
> > > > However after a _really_ long time I found out what the problem was:
> > > > For some reason - no I don't know - /dev/null what set suid.
> > >
> > > The fact that perl stats /dev/null sounds like a bug to me.
> > > Not sure why it happens. Needs investigation.

It's the long-standing internal hack that -e still requires a real file
handle. (Which I think I now can see a way to avoid)

> > Looks like this error was removed at some point in the 5.8 series (it's
> > not present in 5.8.8), so I vote to close this.

It's still present in 5.8.8 and 5.8.9. It's gone now.

> Even though that particular error was removed, one must ask: Does perl
> do anything with the suid bit any more?
>
> Just for the record, I suspect that -e was causing this, as it does
> funny things with /dev/null.

(gdb) r
Starting program: /home/nick/Perl/perl3/perl -e0

Breakpoint 1, 0x000000000053e7f0 in fstat64 ()
(gdb) where
#0 0x000000000053e7f0 in fstat64 ()
#1 0x0000000000422d2b in S_validate_suid (validarg=0x7fffffffe89c "-e0",
scriptname=0x53f107 "/dev/null") at perl.c:3386
#2 0x000000000041e856 in S_parse_body (env=0x0, xsinit=0x41ac57 <xs_init>)
at perl.c:1630
#3 0x000000000041db2c in perl_parse (my_perl=0x77d010,
xsinit=0x41ac57 <xs_init>, argc=2, argv=0x7fffffffe658, env=0x0)
at perl.c:1270
#4 0x000000000041ac14 in main (argc=2, argv=0x7fffffffe658,
env=0x7fffffffe670) at perlmain.c:84
(gdb) up
#1 0x0000000000422d2b in S_validate_suid (validarg=0x7fffffffe89c "-e0",
scriptname=0x53f107 "/dev/null") at perl.c:3386
3386 if (PerlLIO_fstat(PerlIO_fileno(PL_rsfp),&PL_statbuf) < 0) /* normal stat is insecure */

which is here:

#ifdef DOSUID
char *s, *s2;

if (PerlLIO_fstat(PerlIO_fileno(PL_rsfp),&PL_statbuf) < 0) /* normal stat is insecure */
Perl_croak(aTHX_ "Can't stat script \"%s\"",PL_origfilename);
if (PL_statbuf.st_mode & (S_ISUID|S_ISGID)) {


and then it continues:

3388 if (PL_statbuf.st_mode & (S_ISUID|S_ISGID)) {
(gdb) n
3480 if (!S_ISREG(PL_statbuf.st_mode)) {
(gdb)
3481 Perl_croak(aTHX_ "Setuid script not plain file\n");


So, yes, it's a crazy interaction between the -e implementation and DOSUID.
It's not a problem without DOSUID, and as DOSUID was removed for 5.12, I'll
close this bug.

Nicholas Clark

PS Yes, I did remember to sudo chmod u-s /dev/null
Re: [perl #33159] Setuid script not plain file -error message [ In reply to ]
On Mon, Apr 30, 2012 at 04:38:44PM +0100, Nicholas Clark wrote:

> So, yes, it's a crazy interaction between the -e implementation and DOSUID.
> It's not a problem without DOSUID, and as DOSUID was removed for 5.12, I'll
> close this bug.

Although, we never did what the the original bug reporter requested, which
was to update the error message to be more informative.

Nicholas Clark