SUMMARY: HELP! setuid c wrapper

From: David W. Blaine (
Date: Mon Aug 23 1999 - 14:45:54 CDT

Sorry for the delay in summarizing my findings, but I was away on training for
the last week.

Thanks to the following people for leading me in the right direction:
Luis Pablo Perez <>
Steve Harris <>
Stephen Harris <>
Craig Raskin <>
Anthony David <>
"Carsten B. Knudsen" <>

My C wrapper was the problem. It needed to call setuid(0) and seteuid(0) before
exec'ing my script. Here is the corrected C wrapper:

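/* program: update
   author: D.Blaine
   date: 08/04/99

   purpose: C program wrapper that calls ksh script
*/
#include <stdio.h>
#include <unistd.h>
#define REAL_H2N "/usr/local/dns/"
int main(int argc, char **argv)
{
        /* become root as both real and effective user before the exec */
        if (setuid(0) != 0 || seteuid(0) != 0) {
                perror("setuid");
                return 1;
        }
        execv(REAL_H2N, argv);
        perror("execv");        /* reached only if the exec failed */
        return 1;
}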

The above code sans the corrections is almost word-for-word out of the Perl book
I have (O'Reilly's Advanced Perl Programming). Funny, they didn't mention the
setuid/seteuid function calls! Many people mentioned correcting the Perl code so
that when it runs in "taint" mode it doesn't spit all over itself. I was able to
add a secure environment but I was never able to open files for write properly.
Of course, I got my pointers from the same Perl book mentioned above. Oh well.
Problem solved.

Thanks again,

Dave Blaine

------------- Begin Forwarded Message -------------

Date: Fri, 13 Aug 1999 16:17:54 -0400 (EDT)
From: "David W. Blaine" <>
Subject: HELP! setuid c wrapper

Hi sun-gurus:

I am not sure if this is a proper forum for this question but here goes. I have
a ksh script for DNS updates which calls some perl code (h2n). Since this script
needs to run with root privilege, I wrote a C wrapper that is setuid to call
it. I get the following:

update -f

Executing on Fri Aug 13 16:08:18 EDT 1999:

Backing up old hosts table

Copying hosts table changes into production

Running h2n on new hosts table
Insecure dependency in open while running setuid at /usr/local/bin/h2n line 465.
ERROR encountered during h2n processing!

Perl is complaining about running setuid, but I thought the C wrapper would take
care of that (at least that's what the docs tell me). Here are the permissions I
have set.

ls -al update*
-rwsr-xr-- 1 root 23720 Aug 13 16:04 update
-rw-r--r-- 1 root 228 Aug 13 16:03 update.c
-r-xr-xr-- 1 root 4320 Aug 12 13:59
-r-xr-xr-- 1 root 20476 Aug 4 16:42 h2n

The system it runs on is running Solaris 2.5.1.

Any ideas???

David Blaine (
Computer Systems Engineer
Phone: 810-825-7650

------------- End Forwarded Message -------------
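
Added example, not part of the original post or the poster's code: a setuid wrapper along the lines described above that also replaces the caller's environment before the exec. Once the real and effective UID are both 0, Perl no longer turns on taint checks by itself, so the wrapper is the only place left where the environment gets sanitized. TARGET is a placeholder path, and the allow list, MAX_ENV and sample_env are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TARGET  "/path/to/update-script"   /* placeholder, not the page's path */
#define MAX_ENV 8
extern char **environ;

/* Assumption: the script needs only these variables from the caller. */
static const char *const keep[] = { "TZ=", "TERM=", NULL };
/* Constructed sample of a hostile caller environment (used by the test only). */
char *sample_env[] = { "LD_PRELOAD=/tmp/x.so", "PATH=.:/tmp", "TZ=US/Eastern",
                       "IFS=/", "PERL5LIB=/tmp", NULL };
char *clean_env[MAX_ENV];

/* Fill out[] with a fixed PATH and IFS plus allow-listed entries of in[].
   Everything else (LD_*, PERL5LIB, the caller's PATH and IFS) is dropped. */
int build_clean_env(char *const in[], char *out[])
{
    int n = 0, i, k;
    out[n++] = "PATH=/usr/bin:/bin";
    out[n++] = "IFS= \t\n";
    for (i = 0; in != NULL && in[i] != NULL; i++)
        for (k = 0; keep[k] != NULL; k++)
            if (n < MAX_ENV - 1 && strncmp(in[i], keep[k], strlen(keep[k])) == 0)
                out[n++] = in[i];
    out[n] = NULL;
    return n;
}

/* Set real and effective UID to root, as the post describes; fail closed. */
int become_root(void)
{
    if (setuid(0) != 0 || seteuid(0) != 0)
        return -1;
    return (getuid() == 0 && geteuid() == 0) ? 0 : -1;
}

int main(int argc, char **argv)
{
    build_clean_env(environ, clean_env);
    if (become_root() != 0) {
        fprintf(stderr, "wrapper: could not become root, refusing to run\n");
        return 1;
    }
    argv[0] = TARGET;                 /* do not trust the caller's argv[0] */
    execve(TARGET, argv, clean_env);
    perror("execve");                 /* reached only if the exec failed */
    return 1;
}
```
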
