IO:tty errors

> Hey all,
>
> I've inherited some code that i need to fix up. There is a shell script
> that calls a perl program. The shell script is suid to a non-root user. In
> the perl script they did a set real id to effective id. With this setup
> all works, but it's a gapping security hole. the perl script uses expect
> to spawn a telnet session, and you can ctrl-] out of the telnet and
> ! to get a shell script as the suid user. I took out the set real id =
> to effective id and everything seems to work ok, but i get the following
> errors on spawing the telnet:
>
> IO::Tty::open_slave(nonfatal): open(/dev/pts/2): Permission denied at /tools/perl/lib/IO/Pty.pm line 24.
> pty_allocate(nonfatal): open(/dev/ptmx): Permission denied at /tools/perl/lib/IO/Pty.pm line 24.
> IO::Tty::pty_allocate(nonfatal): grantpt(): Permission denied at /tools/perl/lib/IO/Pty.pm line 24.
> IO::Tty::pty_allocate(nonfatal): unlockpt(): Inappropriate ioctl for device at /tools/perl/lib/IO/Pty.pm line 24.
>
> It makes sense to me, seems to be non-fatal, but my users will freak
> at seeing this output. Is there a quick and easy way to turn off these
> error messages?
>
> Thanks
> -S

> Date: Sun, 11 Nov 2007 08:02:33 -0900
> From: Ken Irving <fnkci@...>
> Subject: Re: [Expectperl-discuss] IO:tty errors
> To: expectperl-discuss@...
> Message-ID: <20071111170233.GA16307@localhost>
> Content-Type: text/plain; charset=us-ascii
>
> On Wed, Nov 07, 2007 at 04:29:52PM -0500, sph042@... wrote:
> > Hey all,
> >
> > I've inherited some code that i need to fix up. There is a shell script
> > that calls a perl program. The shell script is suid to a non-root user. In
> > the perl script they did a set real id to effective id. With this setup
> > all works, but it's a gapping security hole. the perl script uses expect
> > to spawn a telnet session, and you can ctrl-] out of the telnet and
> > ! to get a shell script as the suid user. I took out the set real id =
> > to effective id and everything seems to work ok, but i get the following
> > errors on spawing the telnet:
> >
> > IO::Tty::open_slave(nonfatal): open(/dev/pts/2): Permission denied at /tools/perl/lib/IO/Pty.pm line 24.
> > pty_allocate(nonfatal): open(/dev/ptmx): Permission denied at /tools/perl/lib/IO/Pty.pm line 24.
> > IO::Tty::pty_allocate(nonfatal): grantpt(): Permission denied at /tools/perl/lib/IO/Pty.pm line 24.
> > IO::Tty::pty_allocate(nonfatal): unlockpt(): Inappropriate ioctl for device at /tools/perl/lib/IO/Pty.pm line 24.
> >
> > It makes sense to me, seems to be non-fatal, but my users will freak
> > at seeing this output. Is there a quick and easy way to turn off these
> > error messages?
> >
> > Thanks
> > -S
>
>   $ perldoc -q warnings
>   Found in /usr/share/perl/5.8/pod/perlfaq7.pod
>        How do I temporarily block warnings?
>
>        If you are running Perl 5.6.0 or better, the "use warnings" pragma allows fine
>        control of what warning are produced.  See perllexwarn for more details.
>
>            {
>                no warnings;          # temporarily turn off warnings
>                $a = $b + $c;         # I know these might be undef
>            }
>
>        If you have an older version of Perl, the $^W variable (documented in perlvar)
>        controls runtime warnings for a block:
>
>            {
>                local $^W = 0;        # temporarily turn off warnings
>                $a = $b + $c;         # I know these might be undef
>            }
>
>        Note that like all the punctuation variables, you cannot currently use my() on
>        $^W, only local().
>
> --
> Ken Irving, fnkci@...
>
>
>