Date: Fri, 06 Sep 1996 10:49:50 +0100 From: Paul Walsh <paul@nation-net.com> To: tcg@ime.net, branson@widomaker.com, jeff@tad.cetlink.net, james@nexis.net Cc: freebsd-questions@FreeBSD.org Subject: Re: suidperl from httpd not working Message-ID: <322FF3BE.5EF7@nation-net.com> References: <199609051935.NAA00503@terra.aros.net> <322F3E6E.2127@ime.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Great, thanks . Now if I chmod these wrappers 4701 owner root what stops
shell account users from running them? I guess there's no secure
solution to this since using httpd passworded cgi's is great until you
have shell accounts on the same machine.
Cheers Paul Walsh.
Gary Chrysler wrote:
>
> Dave Andersen wrote:
> >
> > Lo and behold, Gary Chrysler once said:
> >
> > > Ouch, That seems like a hole to me.. Course I really don't know!
> >
> > Nope. It's the right way to do it.
> >
> > > Also I'm thinking again.. :(
> > > So if that was to be done wouldn't ya also want to set em back
> > > after the script runs????
> >
> > > execv("my perl script", argv);
> > > setuid(uid);
> > > seteuid(euid);
> >
> > No. execv() replaces the currently executing program with whatever
> > you exec() to. The second setuid and seteuid calls are never reached -
> > or shouldn't be if there aren't any errors.
> >
> > You don't retain your setuidness after the program exits; the setuid
> > call only affects the program and its children, not the parent process.
--
paul@nation-net.com Walsh Simmons
0161-839 9337 Manchester, UK
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?322FF3BE.5EF7>