HeXiLeD
Veteran
Joined: 20 Aug 2005
Posts: 1159
Location: Online
|
 Posted: Tue Dec 01, 2015 2:44 pm Post subject: /usr/bin/perl: bad interpreter: Permission denied [SOLVED] |
 |
|
This is a hardened system I do not have this problem with another system that although has hardened flags in make.conf, it's profile is not hardened.
/usr/bin/perl: bad interpreter: Permission denied
This happens as user but not as root.
| Code: | $ which perl
/usr/bin/perl
|
| Code: | # which perl
/usr/local/bin/perl |
| Code: | ls -lah /usr/local/bin/perl
lrwxrwxrwx 1 root root 13 Mar 31 2013 /usr/local/bin/perl -> /usr/bin/perl |
| Code: | ls -lah /usr/bin/perl
-rwxr-xr-x 1 root root 10K May 7 2015 /usr/bin/perl |
It is clear that the user is not using the symlink which has all the permissions but as user it also does not work. I removed the symlink. The non hardened profile system also does not have it.
This is not the first time that i get this perl symlink which means someone is teling portage to create it.
| Code: | $ file /usr/bin/perl
/usr/bin/perl: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, stripped
|
| Code: | $ ls -l /lib64/ld-linux-x86-64.so.2
lrwxrwxrwx 1 root root 10 Nov 26 21:14 /lib64/ld-linux-x86-64.so.2 -> ld-2.21.so |
| Code: | $ ls -l /lib64/ld-2.21.so
-rwxr-xr-x 1 root root 152808 Nov 26 21:15 /lib64/ld-2.21.so |
As user i can execute perl at least for it's basic commands. ie:
| Code: | perl -v
perl -h
perldoc perl |
But i cannot run a perl script as user such as:
| Code: | #!/usr/bin/perl
print "Hello World.\n"; |
If it helps i am trying to use perl to compile openwrt while running this script: https://bpaste.net/show/71a3cdc25644
| Code: | $ ./scripts/feeds update -a
bash: ./scripts/feeds: /usr/bin/perl: bad interpreter: Permission denied |
changing #!/usr/bin/perl to #!/usr/local/bin/perl does not help and remmeber that with the non profile hardened system, this problem does not happen.
Trying with strace
| Code: | $ strace ./scripts/feeds update -a
execve("./scripts/feeds", ["./scripts/feeds", "update", "-a"], [/* 47 vars */]) = -1 EACCES (Permission denied)
write(2, "strace: exec: Permission denied\n", 32strace: exec: Permission denied
) = 32
exit_group(1) = ?
+++ exited with 1 +++
|
| Code: | $ which strace
/usr/bin/strace
$ ls -lah /usr/bin/strace
-rwxr-xr-x 1 root root 415K Oct 10 11:11 /usr/bin/strace |
Aside it's own user group, the user is also in and only in games & users
I can use other applications from /usr/bin/*
| Code: | $ eselect profile list
[14] hardened/linux/amd64 |
Perl permissions in the non hardened profile system are the same as in the hardened profile system.
One question i have is if this may have anything to do with xattr file system extended file attributes
https://en.wikipedia.org/wiki/Extended_file_attributes#Linux
| Code: | $ cat /etc/fstab | grep dev/sda1
dev/sda1 / ext4 noatime 0 1 |
Kernel
| Code: | <*> The Extended 4 (ext4) filesystem
[*] Use ext4 for ext2/ext3 file systems
<*> Ext4 Encryption |
I don't see where to select xattr for ext4
Ran out of ideas ...
Edit:
Found the problem with dmesg:
| Code: | | grsec: From ip.ip.ip.ip: denied untrusted exec (due to being in untrusted group and file in non-root-owned directory) of /home/user/path/openwrt/scripts/feeds by /home/user/path/openwrt/scripts/feeds[bash:2408] uid/euid:1033/1033 gid/egid:1033/1033, parent /bin/bash[bash:1874] uid/euid:1033/1033 gid/egid:1033/1033 |
Info:
https://wiki.gentoo.org/wiki/Hardened/Grsecurity_Trusted_Path_Execution
Kernel:
| Code: | | (100) GID for TPE-untrusted users |
Editing /etc/group and removing the user from group GID 100 solved the problem:
| Code: | | users:x:100:user1,user2,user3 |
Problem is SOLVED
_________________
Do you hear the sound of inevitability?
With age, comes great grumpiness and that, was 20 years ago...
CertFP: becbbd161d5a5c31de3c45171b77bf710911db29 / d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244 |
|
Portage & Programming
