Syndicate content

Insecure $ENV{PATH} ...

Today, I was trying to run psql from a program when I got this error:

  Insecure $ENV{PATH} while running setuid at ...

At first, I thought that psql would be testing something about the user, but in fact, psql is a perl script that runs in secure mode. In other words, this applies to any tool written in perl.

The perl interpreter makes sure that the current user identifier is the same as the effective user identifier. When there is a mismatch, the interpreter breaks with that error.

In my case, my program is written in C and I could simply force the current user identifier to make everything work as expected:

    unix_uid = geteuid();
    setresuid(unix_uid, unix_uid, unix_uid);

That code gets the current effective user identifier and sets it in all the possible user identifiers available on Linux.

On an older operating system, you may need to use setuid() and some other similar functions.

After I added that call, the error disappeared.

More information about the secure version of the perl interpreter.

Syndicate content

     

Terms of Site Index

Find the page/content you are looking for with our index.

  • dump

    The dump command, under a Unix system, is used to dump the entire file system to another device. By default, the dump output device is a tape device (/dev/tape). Now a day, however, it is often used with other devices such as another file system (from one hard drive to another.)

    Other systems use that same keyword. It is particularly the case of database systems. For instance, the PostgreSQL database has a pg_dump command.

    The opposite command is restore. That command is used to get the data from the output device and put it back on your hard drive.

  • form
  • mode
  • right
  • undefined