Date: Thu, 2 Apr 1998 13:53:56 -0600 From: dannyman <dannyman@sasquatch.dannyland.org> To: chas <panda@peace.com.my>, freebsd-questions@FreeBSD.ORG Subject: Re: How can CGI script execute root commands or edit root-owned files ? Message-ID: <19980402135356.22606@arh0300.urh.uiuc.edu> In-Reply-To: <3.0.32.19980403023610.009a1ad0@peace.com.my>; from chas on Fri, Apr 03, 1998 at 02:13:51AM %2B0800 References: <3.0.32.19980403023610.009a1ad0@peace.com.my>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Apr 03, 1998 at 02:13:51AM +0800, chas wrote: > Since a CGI script is executed with Nobody's (the web > server's) privilegies, how it can run Administrator > commands like useradd ? > > One suggestion I've had was running the webserver > as root but this seems to be considered > not a good thing by and large. I was just looking > at updating user records and DNS records in such > a manner. There is a "SetUID" patch you can apply to Apache seperately which will execute CGIs under their author's ownership, assuming certain security restrictions are met. If you want to call a suid program from your CGI, using your CGI programme as something of a security wrapper, I think that might work nicely too, though I've never tried this. -dan -- // dannyman yori aiokomete || Our Honored Symbol deserves \\/ http://www.dannyland.org/~dannyman/ || an Honorable Retirement (UIUC) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980402135356.22606>