Reputation: 1073
OK, this is weird. But in the process of trying to reproduce an issue for someone (where this became a potential moot point), I found this interesting oddity... Taking this stupid-simple Perl script:

```perl
#!/usr/bin/perl
use POSIX;                              # provides geteuid()
$ENV{"PATH"} = "/usr/bin";
print "Effective:" . $> . "\n";         # $> is the effective UID
print "Actual :" . $< . "\n";           # $< is the real UID
print "geteuid():" . geteuid() . "\n";
```

If I create this script as (for example) root and set it to 4755 permissions, I get this on Solaris 11.4 (Perl 5.22.1) and Solaris 10.3 (Perl 5.16.1):

```
Effective:0
Actual :100
geteuid():0
```

The SAME exact script, run on the same or later Perl versions, but on Linux (RHEL 7.7, Ubuntu 14.04, Ubuntu 20.04, RHEL 6.10) gives me:

```
Effective:100
Actual :100
geteuid():100
```

If I create a suid executable on Linux that runs this script, I get the expected 0/100/0 output.
On the RHEL 6.10 host, it also has Perl 5.8.4 on it, and that perl, once suidperl is installed, also gives me 0/100/0 as expected.
Any idea why this works on Solaris and not Linux? Platform specific quirks are a little annoying when you're dealing with migration/upgrade issues...
Upvotes: 3
Views: 258
Reputation: 4307
If portability is an issue, it's not safe to assume that a Unix-like platform will respect the setuid flag on scripts. That's not an issue with Perl, or any other interpreter -- limitations like this are baked into the platform at a pretty deep level. Many people are concerned -- with good reason -- that allowing setuid scripts creates security weaknesses.
The standard solution -- as you've already figured out -- is to call the script from a binary that has the setuid flag set.
Upvotes: 2