I'm using suidperl to run some programs that require root permissions. However, the runtime linker won't expand library paths which contain $ORIGIN entries, so the programs I want to run (jstack from Java) won't run.
There is one exception to the advice to make heavy use of $ORIGIN. The runtime linker will not expand tokens like $ORIGIN for secure (setuid) applications. This should not be a problem in the vast majority of cases.
My program looks something like this:
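    #!/usr/bin/perl
    # Fixed environment for the child process (setuid Perl runs in taint mode).
    $ENV{PATH} = "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/java/jdk1.6.0_12/bin:/root/bin";
    $ENV{JAVA_HOME} = "/usr/java/jdk1.6.0_12";
    # Read the PID of the target process from its PID file.
    open(FILE, '<', '/var/run/kil.pid') or die "cannot open pid file: $!";
    $pid = <FILE>;
    close(FILE);
    chomp($pid);
    # Untaint the value: keep only the leading digits.
    if ($pid =~ /^(\d+)/) {
        $pid = $1;
    } else {
        die 'nopid';
    }
    # The list form of system() runs jstack directly, without a shell.
    system("/usr/java/jdk1.6.0_12/bin/jstack", "$pid");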
Is there any way to fork off a child process in a way so that the linker will work correctly?
Instead of using setuidperl, consider using sudo to start your script?
If the goal is to let users run this w/ elevated permissions, you may need to write a bounce script that executes a "-helper" version of your script.
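The sudo route suggested above, as an added example that is not part of the original answers: sudo starts the command with real and effective UID both set to root, so the linker does not treat the helper or jstack as a setuid process. The helper name, install path and sudoers group are assumptions; the other paths are the ones from the question.

```shell
#!/bin/sh
# Hypothetical helper: install it root-owned and writable only by root, e.g. as
# /usr/local/sbin/jstack-helper, and allow it with a sudoers rule (edit with visudo):
#   %appadmins ALL=(root) NOPASSWD: /usr/local/sbin/jstack-helper
# It takes no arguments, so callers cannot choose the PID; the PID file must
# likewise be writable only by root.

PIDFILE=/var/run/kil.pid
JAVA_HOME=/usr/java/jdk1.6.0_12
JSTACK="$JAVA_HOME/bin/jstack"

# Print the PID found on the first line of file $1 if that line is a plain
# positive decimal number; return non-zero for anything else.
read_pid() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    # read fails on a last line without a newline but still fills $line
    IFS= read -r line < "$1" || [ -n "$line" ] || return 1
    case "$line" in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit
    esac
    [ "${#line}" -le 10 ] || return 1
    [ "$line" -gt 0 ] 2>/dev/null || return 1
    printf '%s\n' "$line"
}

main() {
    pid=$(read_pid "$PIDFILE") || { echo "no valid PID in $PIDFILE" >&2; exit 1; }
    # Fixed environment, as in the Perl script from the question
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:$JAVA_HOME/bin
    export PATH JAVA_HOME
    exec "$JSTACK" "$pid"
}

# Run only when invoked under the helper's own name, so the functions above
# can be loaded and tested without starting jstack.
if [ "${0##*/}" = "jstack-helper" ]; then
    main
fi
```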