Hi,
I wrote a rule that calls a program map (perlscript) which calls a
program with suid bit

sendmail -> perl program map -> suid shell program (chmod 2755)

but this fails with "illegal seek" in the $! variable of the calling
perl script. sendmail runs as unprivigeded user as described in
sendmail/SECURITY.
If the perl script is called from command line the suid shell program
call works but if the perl script is invoked from sendmail it gives
the "illegal seek".

Any suggestions for me?

Frank

Frank <muede_taube [at] gmx.de> writes:
> I wrote a rule that calls a program map (perlscript) which calls a
> program with suid bit
>
> sendmail -> perl program map -> suid shell program (chmod 2755)
>
> but this fails with "illegal seek" in the $! variable of the calling
> perl script. sendmail runs as unprivigeded user as described in
> sendmail/SECURITY.
> If the perl script is called from command line the suid shell program
> call works but if the perl script is invoked from sendmail it gives
> the "illegal seek".
>
> Any suggestions for me?

Have you considered using socket map?
It should eliminate need for using suid programs.

Sample prel script implementing socket map daemon is provided in
contrib/ directory.

--
[pl>en: Andrew] Andrzej Adam Filip : anfi [at] priv.onet.pl : anfi [at] xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/

In article
<f2517b32-3d20-41a0-8bc7-94d01522b866 [at] e23g2000prf.googlegroups.com>
Frank <muede_taube [at] gmx.de> writes:
>I wrote a rule that calls a program map (perlscript) which calls a
>program with suid bit
>
>sendmail -> perl program map -> suid shell program (chmod 2755)
>
>but this fails with "illegal seek" in the $! variable of the calling
>perl script. sendmail runs as unprivigeded user as described in
>sendmail/SECURITY.
>If the perl script is called from command line the suid shell program
>call works but if the perl script is invoked from sendmail it gives
>the "illegal seek".
>
>Any suggestions for me?

'man errno'. In case the man page is defective on your OS, here's the
relevant quote from a proper one:

29 ESPIPE Illegal seek. An lseek(2) system call was issued on a socket,
pipe or FIFO.

I.e. it has nothing to do with permissions or privileges. Now you just
need to figure out what you're doing wrong in your scripts (most likely
the perl one).

--Per Hedeland
per [at] hedeland.org

Hi Per and Andrzej,
many thanks for your answers! I played around with sendmail and perl
and suidperl is my friend. Now the perl program map calls another perl
program (chmod 2755) with suidperl interpreter and this calls the
other suid program. This works perfectly. But I will also have a look
on socket maps to get rid of the suidperl program.

Frank