Executing a setuid perl script within a perl script

Question

I have two perl scripts:

getPwd.pl - setuid perl script that returns a password

sub getOraPwd{ ... return getOraPwd; } getOraPwd();
testDBConn.pl

I want to call getPwd.pl in the testDBConn.pl script and assign the result of the getPwd script to the $password variable to connect to a database. Remember the getPwd.pl script is setuid, and therefore setup for the testDBConn.pl to run getPwd.pl

eg.

$username="blah";
$password=result from getPwd.pl
$dsn=qq{...};
$dbh=DBI->connect($dsn, $username, $password)};

And so, exactly what is your question? – JRFerguson Nov 18 '11 at 16:47 — JRFerguson, Nov 18 '11 at 16:47

score 0 · Answer 1 · answered Nov 18 '11 at 17:11

0

Calling a setuid Perl script is no different from calling any other executable on the system:

my $password = `getPwd.pl`;

However, I would encourage you not to use a setuid Perl script. There are a lot of pitfalls with setuid executables in any language. Additionally, using them was deprecated in Perl 5.10.1 and removed in 5.12. A better alternative is to run getPwd.pl under sudo.

answered Nov 18 '11 at 17:11

frezik

2,316
15
13

Thank You. Do you mind elaborating on sudo? How easy is it to setup? What will have to edited, etc. – user621092 Nov 18 '11 at 17:44
@user621092 -- If you have any modern Linux distro, you almost certainly have sudo already. The config file is `/etc/sudoers`. You'll want to be able to run `sudo getPwd.pl` with no password. I don't remember all the config needed off the top of my head, but `man sudoers` and google should get you the rest of the way. – frezik Nov 18 '11 at 22:40

Executing a setuid perl script within a perl script

1 Answers1