Date: Fri, 27 Sep 2013 14:50:02 -0700 From: Charles Swiger <cswiger@mac.com> To: Michael BlackHeart <amdmiek@gmail.com> Cc: freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: Running a script via PHP Message-ID: <58E65D87-C41C-4777-9EAA-005CE3506B6A@mac.com> In-Reply-To: <CA%2BAz77MKoQZRdtiiHX3_88A9PJaxJC0vwHebie%2BwgdsWNNpn3g@mail.gmail.com> References: <CA%2BAz77MKoQZRdtiiHX3_88A9PJaxJC0vwHebie%2BwgdsWNNpn3g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi-- On Sep 27, 2013, at 2:18 AM, Michael BlackHeart <amdmiek@gmail.com> = wrote: > Hello there, > It's quite off-topic, but I'm using freebsd-stable,so >=20 > The priblem is - running a script that requires root privileges via = PHP (or > probably CGI - I do not care, just want it to be secure and working). Unfortunately the combination of PHP, doing something which needs root, = and security are inherently contradictory. The least risky approach would be to invoke the needed command via sudo, = or=20 possibly a small setuid-root C wrapper program which launches only the = needed script with root permissions. Use sudo unless your C wrapper is careful enough = to use exec() and not system(), sanitizes $PATH and other env variables, and = guards against games with $IFS, shell metachars, and such. Regards, --=20 -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58E65D87-C41C-4777-9EAA-005CE3506B6A>