我正在使用 Perl 脚本从 mqueue 文件夹中删除 sendmail 的数据。
When I setuid到该 Perl 脚本并尝试从用户运行它,它会抛出以下消息:
Insecure dependency in chdir while running setuid at /file/find
如何解决并以root权限成功运行脚本?
!/usr/bin/perl
use strict;
my $qtool = "/usr/local/bin/qtool.pl";
my $mqueue_directory = "/var/spool/mqueue";
my $messages_removed = 0;
use File::Find;
# Recursively find all files and directories in $mqueue_directory
find(\&wanted, $mqueue_directory);
sub wanted {
# Is this a qf* file?
if ( /^qf(\w{14})/ ) {
my $qf_file = $_;
my $queue_id = $1;
my $deferred = 0;
my $from_postmaster = 0;
my $delivery_failure = 0;
my $double_bounce = 0;
open (QF_FILE, $_);
while(<QF_FILE>) {
$deferred = 1 if ( /^MDeferred/ );
$from_postmaster = 1 if ( /^S<>$/ );
$delivery_failure = 1 if \
( /^H\?\?Subject: DELIVERY FAILURE: (User|Recipient)/ );
if ( $deferred && $from_postmaster && $delivery_failure ) {
$double_bounce = 1;
last;
}
}
close (QF_FILE);
if ($double_bounce) {
print "Removing $queue_id...\n";
system "$qtool", "-d", $qf_file;
$messages_removed++;
}
}
}
print "\n$messages_removed total \"double bounce\" message(s) removed from ";
print "mail queue.\n";
“不安全依赖”是Taint thing: http://perldoc.perl.org/perlsec.html http://perldoc.perl.org/perlsec.html.
由于您运行了脚本 setuid,因此正在强制执行污点。您需要指定untaint作为 File::Find 的 %option 键:
http://metacpan.org/pod/File::Find http://metacpan.org/pod/File%3a%3aFind
my %options = (
wanted => \&wanted,
untaint => 1
);
find(\%options, $mqueue_directory);
您还应该看看untaint_pattern在 File::Find 的 POD 中。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
