Date: Fri, 06 Sep 1996 10:51:14 +0100
From: Paul Walsh <paul@nation-net.com>
To: questions@freebsd.org, craig@ProGroup.COM
Subject: Re: suidperl from httpd not working
Message-ID: <322FF412.6EAE@nation-net.com>
References: <199609060903.CAA02213@seabass.progroup.com>
Thanks Craig, I like the idea of checking the user ID to stop it being run from a shell account, but how secure is that? The wrappers should still be chmod 4701, owner root? Is there really a secure solution to using httpd passworded cgi's and having shell accounts on the same machine?

Cheers, Paul Walsh.

Craig Shaver wrote:
> 
> > 
> > Is there any way an httpd user (nobody) can run a setuid perl script through
> > cgi? Does it have to be a 'real' user?
> > 
> > Cheers, Paul
> > -- 
> > paul@nation-net.com Walsh Simmons
> > 0161-839 9337 Manchester, UK
> > 
> 
> Yes, I have done it using a wrapper program. Here is a copy of that program
> from the vend ver 0.2 shopping cart.
> 
> ==========================================
> /v/unix/inet/http/vend/0.2/vend-0.2/svend.c
> ==========================================
> 
> #define CGIUSER 60001                          /* real uid httpd runs CGIs as */
> #define PERL "/u/local/bin/perl"
> #define VEND "/u/local/etc/httpd/vend/vend.pl"
> 
> #include <sys/types.h>
> #include <errno.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
> 
> #ifdef PATCHED_OUT
> #ifdef sun
> int sys_nerr;
> char* sys_errlist[];
> #define NEED_STRERROR
> #endif
> #endif
> 
> #ifdef NEED_STRERROR
> static char* strerror(e)
> int e;
> {
>     if (e == 0)
>         return "System call failed but errno not set";
>     else if (e < 1 || e >= sys_nerr)
>         return "No description available for this error";
>     else
>         return sys_errlist[e];
> }
> #endif
> 
> int main(argc, argv)
> int argc;
> char** argv;
> {
>     uid_t euid;
>     gid_t egid;
>     int r;
> 
>     /* Refuse to run unless invoked by the httpd account. */
>     if (getuid() != CGIUSER) {
>         printf("Content-type: text/plain\n\n");
>         printf("SVEND must be run from HTTPD.  (Check CGIUSER in svend.c)\n");
>         exit(1);
>     }
> 
>     /* Make the real uid match the effective uid set by the setuid bit. */
>     euid = geteuid();
> #if defined BSD
>     r = setreuid( euid, euid );
> #else
>     r = setuid (euid);
> #endif
>     if (r == -1) {
>         printf("Content-type: text/plain\n\n");
>         printf("Could not set uid: %s\n", strerror(errno));
>         exit(1);
>     }
> 
>     /* Same for the gid (the original passed euid here by mistake). */
>     egid = getegid();
> #if defined BSD
>     r = setregid( egid, egid );
> #else
>     r = setgid (egid);
> #endif
>     if (r == -1) {
>         printf("Content-type: text/plain\n\n");
>         printf("Could not set gid: %s\n", strerror(errno));
>         exit(1);
>     }
> 
> #if defined DEBUG
>     printf("Content-type: text/plain\n\n");
>     printf("euid = %d, egid = %d\n", euid, egid);
>     exit(1);
> #endif
> 
>     /* execl's argument list must end with a null pointer, not a bare 0. */
>     execl(PERL, PERL, VEND, (char *) 0);
>     printf("Content-type: text/plain\n\n");
>     printf("Could not exec %s: %s", PERL, strerror(errno));
>     exit(1);
> }
> 
> ==========================================
> /v/unix/inet/http/vend/0.2/vend-0.2/svend.c
> ==========================================
> 
> -- 
> Craig Shaver (craig@progroup.com) (415)390-0654
> Productivity Group POB 60458 Sunnyvale, CA 94088

-- 
paul@nation-net.com Walsh Simmons
0161-839 9337 Manchester, UK
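A hardened variant of the wrapper pattern discussed in this thread, added here as an example; it is not Craig's svend.c nor the vend project's code, and the uid value, the interpreter and script paths are assumed placeholders. It assumes the wrapper binary is installed setuid and owned by the non-root account the script should run as, not by root.

```c
/* Added example (not from the original message): a setuid CGI wrapper that
 * checks the real uid, drops to the file owner's identity permanently (gid
 * before uid, then verifies the drop), and execs the interpreter with a fixed
 * argv and a clean environment. CGI_UID, PERL and SCRIPT are placeholders. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define CGI_UID 60001                       /* uid httpd runs CGIs as ("nobody") */
#define PERL    "/usr/local/bin/perl"       /* assumed path */
#define SCRIPT  "/usr/local/www/cgi-bin/vend.pl"  /* assumed path */

/* Only the httpd account may invoke the wrapper; a shell user fails here. */
int caller_allowed(uid_t real_uid) { return real_uid == CGI_UID; }

/* Drop to the target identity for good: gid first (it needs the privilege
 * we are about to give up), then uid, then confirm that real, effective
 * (and on success, saved) ids all match so the script cannot switch back.
 * Returns 0 on success, -1 on any failure. */
int drop_to(uid_t uid, gid_t gid) {
    if (setgid(gid) == -1 || setuid(uid) == -1) return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) return -1;
    return 0;
}

/* Nothing from the caller's environment (PATH, IFS, PERL5LIB, LD_*)
 * reaches the interpreter; only a fixed PATH is passed. */
static char *clean_env[] = { "PATH=/bin:/usr/bin", NULL };

int main(void) {
    if (!caller_allowed(getuid())) {
        printf("Content-type: text/plain\n\nwrapper: not invoked by httpd\n");
        return 1;
    }
    if (drop_to(geteuid(), getegid()) != 0) {
        printf("Content-type: text/plain\n\nwrapper: cannot drop privileges\n");
        return 1;
    }
    char *argv[] = { PERL, SCRIPT, NULL };  /* fixed argv, properly NULL-terminated */
    execve(PERL, argv, clean_env);
    printf("Content-type: text/plain\n\nwrapper: exec failed: %s\n", strerror(errno));
    return 1;
}
```

The real-uid check only limits callers to processes already running as the httpd account, which every CGI on the host does, so it narrows who can start the script but does not replace input validation inside the script itself.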