Syndicate content

Insecure $ENV{PATH} ...

Today, I was trying to run psql from a program when I got this error:

  Insecure $ENV{PATH} while running setuid at ...

At first, I thought that psql would be testing something about the user, but in fact, psql is a perl script that runs in secure mode. In other words, this applies to any tool written in perl.

The perl interpreter makes sure that the current user identifier is the same as the effective user identifier. When there is a mismatch, the interpreter breaks with that error.

In my case, my program is written in C and I could simply force the current user identifier to make everything work as expected:

    unix_uid = geteuid();
    setresuid(unix_uid, unix_uid, unix_uid);

That code gets the current effective user identifier and sets it in all the possible user identifiers available on Linux.

On an older operating system, you may need to use setuid() and some other similar functions.

After I added that call, the error disappeared.

More information about the secure version of the perl interpreter.

Syndicate content

     

Terms of Site Index

Find the page/content you are looking for with our index.

  • backup
  • Fawn
  • live
  • width
  • zlib

    The Z library is a compression library based on an algorithm that compresses at best in some automated and simle way. For better performance, the entire input file is necessary. Note that you can get better results with other methods, this one is excellent for streaming, however.