Date:      Thu, 05 Sep 1996 10:59:35 -0400
From:      Gary Chrysler <tcg@ime.net>
To:        Jeffrey Wheat <jeff@tad.cetlink.net>
Cc:        Paul Walsh <paul@nation-net.com>, freebsd-questions@freebsd.org
Subject:   Re: suidperl from httpd not working
Message-ID:  <322EEAD7.73A@ime.net>
References:  <199609051332.JAA27682@tad.cetlink.net>

Jeffrey Wheat wrote:
> 
> In reply to Paul Walsh's email
> > Is there any way an httpd user (nobody) can run a setuid perl script through
> > cgi? Does it have to be a 'real' user.
> 
> Paul,
>         I use a wrapper to do this.
> 
> #include <unistd.h>
>
> /* setuid wrapper: become root, then run the script */
> int main(int argc, char **argv)
> {
>         setuid(0);
>         seteuid(0);
>         execv("my perl script", argv);
> }
> 

Ouch, That seems like a hole to me.. Course I really don't know!
Also I'm thinking again.. :(
So if that was to be done wouldn't ya also want to set em back
after the script runs????

ie:
(Warning! I am a thief! I stole this code from above and tweaked. :)

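#include <sys/types.h>
#include <unistd.h>

int main(int argc, char **argv)
{
  uid_t uid  = getuid();   /* remember the real uid */
  uid_t euid = geteuid();  /* remember the effective uid */
  setuid(0);
  seteuid(0);
  execv("my perl script", argv);
  setuid(uid);
  seteuid(euid);
}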

Or something like that, Data types may not be right, But the
idea is.
Nope, I'm no guru here, Just stinking out loud!

-Enjoy
Gary
~~~~~~~~~~~~~~~~
Improve America's Knowledge... Share yours
The Borg... Where minds meet
(207) 929-3848
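
Added example, not part of the original message or of either poster's code: a small C program showing when the statements placed after an exec call actually run, which decides whether a uid restore written after execv() can ever execute. The /bin/sh stand-in for the script, the exit codes 7 and 99, and the fixed environment are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the real script: a shell that exits with 7. */
static char *const demo_argv[] = { "sh", "-c", "exit 7", NULL };

/* Fixed minimal environment, so nothing is inherited from the CGI caller. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/*
 * Fork, exec `path` in the child and return the child's exit status.
 * 99 comes back only when the code after execve() was reached;
 * -1 means fork/wait failed or the child did not exit normally.
 */
int status_after_exec(const char *path)
{
    int st;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, demo_argv, clean_env);
        /* On success the process image has been replaced and nothing
         * below this line exists any more. We get here only when the
         * exec itself failed (bad path, no permission, ...). */
        _exit(99);
    }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st))
        return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    printf("exec succeeded -> %d\n", status_after_exec("/bin/sh"));
    printf("exec failed    -> %d\n", status_after_exec("/nonexistent/script"));
    return 0;
}
```

A wrapper that needs the privilege to end with the script therefore has to arrange that before the exec or inside the script itself, and should check the return values of setuid() and execve().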


