From owner-freebsd-questions Thu Sep 5 07:59:53 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA22444 for questions-outgoing; Thu, 5 Sep 1996 07:59:53 -0700 (PDT)
Received: from ime.net (ime.net [204.97.248.4]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA22439 for ; Thu, 5 Sep 1996 07:59:49 -0700 (PDT)
Received: from kimiko.tcguy.net (buxton-10.ime.net [206.231.148.139]) by ime.net (8.7.4/8.6.12) with SMTP id KAA06627; Thu, 5 Sep 1996 10:59:32 -0400 (EDT)
Message-ID: <322EEAD7.73A@ime.net>
Date: Thu, 05 Sep 1996 10:59:35 -0400
From: Gary Chrysler
Reply-To: tcg@ime.net
Organization: The Computer Guy
X-Mailer: Mozilla 3.0b6 (Win95; I)
MIME-Version: 1.0
To: Jeffrey Wheat
CC: Paul Walsh, freebsd-questions@freebsd.org
Subject: Re: suidperl from httpd not working
References: <199609051332.JAA27682@tad.cetlink.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Jeffrey Wheat wrote:
>
> In reply to Paul Walsh's email
> > Is there any way an httpd user (nobody) can run a setuid perl script through
> > cgi? Does it have to be a 'real' user.
>
> Paul,
> I use a wrapper to do this.
>
> main(argc,argv)
> int argc;
> char **argv;
> {
>     setuid(0);
>     seteuid(0);
>     execv("my perl script", argv);
> }
>

Ouch, That seems like a hole to me..
Course I really don't know!

Also I'm thinking again.. :(
So if that was to be done wouldn't ya also want to set em back
after the script runs????

ie: (Warning! I am a thief! I stole this code from above and tweaked. :)

main(argc,argv)
int argc;
char **argv;
{
    int uid = getuid();
    int euid = geteuid();

    setuid(0);
    seteuid(0);
    execv("my perl script", argv);
    setuid(uid);
    seteuid(euid);
}

Or something like that, Data types may not be right, But the idea is.

Nope, I'm no guru here, Just stinking out loud!

-Enjoy

Gary
~~~~~~~~~~~~~~~~
Improve America's Knowledge... Share yours

The Borg... Where minds meet
(207) 929-3848
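
An added example, not code from either poster: a successful exec call replaces the process image, so statements placed after it (such as the uid restore in the second wrapper) run only when the exec fails. The sketch also hands the target a fixed argv and a minimal environment rather than the caller's; `run_fixed`, `clean_env`, `AFTER_EXEC` and the paths are names chosen for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define AFTER_EXEC 42 /* exit code used only if control returns from execve() */

/* Fixed, minimal environment: nothing inherited from the caller reaches the target. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Fork, exec `path` with the given fixed argv and the clean environment, and
 * return the child's exit status. AFTER_EXEC means the line after execve() ran. */
int run_fixed(const char *path, char *const args[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, args, clean_env);
        /* Reached only when execve() fails: the image was not replaced. */
        _exit(AFTER_EXEC);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed inputs: /bin/sh stands in for the script; the second path does not exist. */
    char *const ok[] = { "sh", "-c", "exit 0", NULL };
    char *const bad[] = { "missing", NULL };

    printf("exec succeeds: child status %d\n", run_fixed("/bin/sh", ok));
    printf("exec fails:    child status %d\n",
           run_fixed("/nonexistent/constructed-path", bad));
    return 0;
}
```

Whatever uid is in effect at the exec call is the uid the script runs with for its whole lifetime, which is why the wrapper's privilege and input handling have to be settled before that call.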