Setuid script - require failing


#1

ruby 1.8.5 and 1.9

I have a script that I am trying to run as setuid. I’ve created a
simple C wrapper program for it that calls exec and invokes the
script.
This wrapper program is set to another user (not root), chmod 4755.
The directory where the wrapper and script is chowned to root, with
0755.
The script runs fine, with a taint level of 1.

However, any:

require ‘something’

fails with:

in `require’: Insecure operation - require (SecurityError)

as if the string was tainted. Unfortunately, ruby does not seem too
helpful in explaining what the issue is.


I also replaced the script with a two line script in Perl, and Perl
allows me to require any of its modules just fine.

Any ideas?