From owner-freebsd-isp@FreeBSD.ORG Fri Oct 29 07:31:39 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A233616A4CE for ; Fri, 29 Oct 2004 07:31:39 +0000 (GMT) Received: from smtp1.powertech.no (smtp1.powertech.no [195.159.0.145]) by mx1.FreeBSD.org (Postfix) with ESMTP id C305043D48 for ; Fri, 29 Oct 2004 07:31:38 +0000 (GMT) (envelope-from frode@nordahl.net) Received: from [195.159.6.24] (ws24.ns5.powertech.no [195.159.6.24]) by smtp1.powertech.no (Postfix) with ESMTP id 2935080DE; Fri, 29 Oct 2004 09:31:37 +0200 (CEST) In-Reply-To: <41814DAA.80206@vineyard.net> References: <41814DAA.80206@vineyard.net> Mime-Version: 1.0 (Apple Message framework v619) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <91ADB2F2-297C-11D9-A7DA-000A95A9A574@nordahl.net> Content-Transfer-Encoding: 7bit From: Frode Nordahl Date: Fri, 29 Oct 2004 09:31:38 +0200 To: "Eric W. Bates" X-Mailer: Apple Mail (2.619) cc: freebsd-isp@freebsd.org Subject: Re: Problems with rc.subr and suid script X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Oct 2004 07:31:39 -0000 On Oct 28, 2004, at 21:51, Eric W. Bates wrote: > I've written a CGI which is calling /usr/local/rc.d/squid.sh in an > attempt to start/stop the proxy. Stopping works fine; however, > whenever I try to start it I'm having permissions problems. > > It seems as tho rc.subr is using RUID instead of EUID. > > The CGI is written in perl. Try to set the real uid then: $< = $>; or $UID = $EUID; or $REAL_USER_ID = $EFFECTIVE_USER_ID; (ref perlvar manpage) shesh. Perl is crazy :-D Also, suidperl is paranoid about environment etc, so make sure you set up a safe $ENV{PATH} etc. And of course, try to run the script from commandline as an unprivileged user and look for errors and warnings. Mvh, Frode > Thanks. > > -- > Eric Bates > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"