|
NAMESudo - Perl extension for running a command line sudoSYNOPSISuse Sudo; my $su; $su = Sudo->new( { sudo => '/usr/bin/sudo', sudo_args => '...', username => $name, password => $pass, program => '/path/to/binary', program_args => '...', # and for remote execution ... [hostname => 'remote_hostname',] [username => 'remote_username'] } ); $result = $su->sudo_run(); if (exists($result->{error})) { &handle_error($result); } else { printf "STDOUT: %s\n",$result->{stdout}; printf "STDERR: %s\n",$result->{stderr}; printf "return: %s\n",$result->{rc}; } DESCRIPTIONSudo runs commands as another user, provided the system sudo implementation is setup to enable this. This does not allow running applications securely, simply it allows the programmer to run a program as another user (suid) using the sudo tools rather than suidperl. Suidperl is not generally recommended for secure operation as another user. While sudo itself is a single point tool to enable one user to execute commands as another sudo does not itself make you any more or less secure.Warning: This module does not make your code any more or less secure, it simply uses a different mechanism for running as a different user. This requires a properly configured sudo system to function. It has all the limitations/restrictions of sudo. It has an added vulnerability, in that you may need to provide a plain-text password in a variable. This may be attackable. Future versions of the module might try to address this. This module specifically runs a single command to get output which is passed back to the user. The module does not currently allow for interactive bidirectional communication between the callee and caller. The module does not spool input into the callee. Methods
TODOI/O currently this is a fancy way to run a command as another user without being suid. Eventually it may evolve to have IO:: goodness, or similar functionality.BUGSAs this module depends upon IPC::Run, it has all the bugs/limitations of IPC::Run. Spaces in file names, executables, and other odd items which give IPC::Run fits, will give Sudo fits. We would like to fix this, but this requires fixing IPC::Run.Insecurity as a bug. Security is not a product or feature. It is a process. If your systems are grossly insecure to begin with, using Sudo will not help you. Good security practice (not draconian security practice) is recommended across all systems. Basic common sense on services, file ownership, remote access, and so forth go a long way to helping the process. Start with the basics. Work from there. SEE ALSOsudo(8), perl(1), IPC::Run, a good book on locking down a systemAUTHORJoe Landman, landman@scalableinformatics.com, <http://www.scalableinformatics.com>COPYRIGHT AND LICENSECopyright (C) 2004,2005 by Scalable Informatics LLCThis library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8 or, at your option, any later version of Perl 5 you may have available.
Visit the GSP FreeBSD Man Page Interface. |