Date: Fri, 06 Sep 1996 10:49:50 +0100 From: Paul Walsh <paul@nation-net.com> To: tcg@ime.net, branson@widomaker.com, jeff@tad.cetlink.net, james@nexis.net Cc: freebsd-questions@FreeBSD.org Subject: Re: suidperl from httpd not working Message-ID: <322FF3BE.5EF7@nation-net.com> References: <199609051935.NAA00503@terra.aros.net> <322F3E6E.2127@ime.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Great, thanks . Now if I chmod these wrappers 4701 owner root what stops shell account users from running them? I guess there's no secure solution to this since using httpd passworded cgi's is great until you have shell accounts on the same machine. Cheers Paul Walsh. Gary Chrysler wrote: > > Dave Andersen wrote: > > > > Lo and behold, Gary Chrysler once said: > > > > > Ouch, That seems like a hole to me.. Course I really don't know! > > > > Nope. It's the right way to do it. > > > > > Also I'm thinking again.. :( > > > So if that was to be done wouldn't ya also want to set em back > > > after the script runs???? > > > > > execv("my perl script", argv); > > > setuid(uid); > > > seteuid(euid); > > > > No. execv() replaces the currently executing program with whatever > > you exec() to. The second setuid and seteuid calls are never reached - > > or shouldn't be if there aren't any errors. > > > > You don't retain your setuidness after the program exits; the setuid > > call only affects the program and its children, not the parent process. -- paul@nation-net.com Walsh Simmons 0161-839 9337 Manchester, UK
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?322FF3BE.5EF7>