From owner-freebsd-questions Fri Sep 6 02:51:46 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id CAA09370 for questions-outgoing; Fri, 6 Sep 1996 02:51:46 -0700 (PDT)
Received: from www.nation-net.com (www.nation-net.com [194.159.125.1])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA09363
    for ; Fri, 6 Sep 1996 02:51:42 -0700 (PDT)
Received: from mag.nation-net.com (194.159.125.14) by www.nation-net.com
    with SMTP (Apple Internet Mail Server 1.0); Fri, 6 Sep 1996 10:53:49 +0000
Message-ID: <322FF3BE.5EF7@nation-net.com>
Date: Fri, 06 Sep 1996 10:49:50 +0100
From: Paul Walsh
X-Mailer: Mozilla 2.0 (Win95; I)
MIME-Version: 1.0
To: tcg@ime.net, branson@widomaker.com, jeff@tad.cetlink.net, james@nexis.net
CC: freebsd-questions@FreeBSD.org
Subject: Re: suidperl from httpd not working
References: <199609051935.NAA00503@terra.aros.net> <322F3E6E.2127@ime.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Great, thanks. Now if I chmod these wrappers 4701 owner root what stops
shell account users from running them? I guess there's no secure solution
to this since using httpd passworded cgi's is great until you have shell
accounts on the same machine.

Cheers
Paul Walsh.

Gary Chrysler wrote:
>
> Dave Andersen wrote:
> >
> > Lo and behold, Gary Chrysler once said:
> >
> > > Ouch, That seems like a hole to me.. Course I really don't know!
> >
> > Nope. It's the right way to do it.
> >
> > > Also I'm thinking again.. :(
> > > So if that was to be done wouldn't ya also want to set em back
> > > after the script runs????
> >
> > > execv("my perl script", argv);
> > > setuid(uid);
> > > seteuid(euid);
> >
> > No. execv() replaces the currently executing program with whatever
> > you exec() to. The second setuid and seteuid calls are never reached -
> > or shouldn't be if there aren't any errors.
> >
> > You don't retain your setuidness after the program exits; the setuid
> > call only affects the program and its children, not the parent process.

--
paul@nation-net.com
Walsh Simmons 0161-839 9337
Manchester, UK
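
Added example, not part of the original message or of anyone's wrapper in this thread: a C sketch of a set-uid wrapper that refuses any caller whose real uid is not the web server's, and that shows why code after a successful exec is never reached. HTTPD_UID, the script path and the exit codes 77 and 126 are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define HTTPD_UID   80   /* assumption: uid the web server runs as */
#define EX_REFUSED  77   /* assumption: exit code for a rejected caller */
#define EX_NOEXEC   126  /* assumption: exit code when exec fails */

/* Body of the wrapper. Returns only when the caller is refused or the
 * exec fails; on success the process image is replaced. */
static int wrapper_body(uid_t allowed, char *const argv[])
{
    /* Fixed environment: nothing inherited from the caller. */
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };

    /* The set-uid bit changes only the effective uid; getuid() still
     * reports who actually invoked the binary. */
    if (getuid() != allowed)
        return EX_REFUSED;

    execve(argv[0], argv, envp);
    perror("execve");            /* reached only if execve failed */
    return EX_NOEXEC;
}

/* Runs the wrapper body in a child so the outcome can be observed:
 * returns the script's own exit status, EX_REFUSED or EX_NOEXEC. */
int run_wrapper(uid_t allowed, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(wrapper_body(allowed, argv));
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Hypothetical script path; a real wrapper hard-codes its target. */
    char *const argv[] = { "/usr/local/www/cgi-bin/report.pl", NULL };
    return run_wrapper(HTTPD_UID, argv);
}
```

Restricting execute permission to the web server's group (for example mode 4750 with that group as the file's group) is another common way to keep other local users from running such a wrapper.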