Date: Fri, 27 Sep 2013 14:50:02 -0700 From: Charles Swiger <cswiger@mac.com> To: Michael BlackHeart <amdmiek@gmail.com> Cc: freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: Running a script via PHP Message-ID: <58E65D87-C41C-4777-9EAA-005CE3506B6A@mac.com> In-Reply-To: <CA%2BAz77MKoQZRdtiiHX3_88A9PJaxJC0vwHebie%2BwgdsWNNpn3g@mail.gmail.com> References: <CA%2BAz77MKoQZRdtiiHX3_88A9PJaxJC0vwHebie%2BwgdsWNNpn3g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi-- On Sep 27, 2013, at 2:18 AM, Michael BlackHeart <amdmiek@gmail.com> wrote: > Hello there, > It's quite off-topic, but I'm using freebsd-stable,so > > The priblem is - running a script that requires root privileges via PHP (or > probably CGI - I do not care, just want it to be secure and working). Unfortunately the combination of PHP, doing something which needs root, and security are inherently contradictory. The least risky approach would be to invoke the needed command via sudo, or possibly a small setuid-root C wrapper program which launches only the needed script with root permissions. Use sudo unless your C wrapper is careful enough to use exec() and not system(), sanitizes $PATH and other env variables, and guards against games with $IFS, shell metachars, and such. Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58E65D87-C41C-4777-9EAA-005CE3506B6A>