Date: Fri, 06 Sep 1996 10:51:14 +0100 From: Paul Walsh <paul@nation-net.com> To: questions@freebsd.org, craig@ProGroup.COM Subject: Re: suidperl from httpd not working Message-ID: <322FF412.6EAE@nation-net.com> References: <199609060903.CAA02213@seabass.progroup.com>
Thanks Craig, I like the idea of checking the user ID to stop it being run from a
shell account, but how secure is that? The wrappers should still be chmod 4701
owner root? Is there really a secure solution to using httpd passworded CGIs
and having shell accounts on the same machine?
Cheers, Paul Walsh.
Craig Shaver wrote:
>
> >
> > Is there any way an httpd user (nobody) can run a setuid perl script through
> > CGI? Does it have to be a 'real' user?
> >
> > Cheers, Paul
> > --
> > paul@nation-net.com Walsh Simmons
> > 0161-839 9337 Manchester, UK
> >
>
> Yes, I have done it using a wrapper program. Here is a copy of that program
> from the vend ver 0.2 shopping cart.
>
> ==========================================
> /v/unix/inet/http/vend/0.2/vend-0.2/svend.c
> ==========================================
>
> #define CGIUSER 60001                        /* uid httpd runs CGI programs as */
> #define PERL "/u/local/bin/perl"
> #define VEND "/u/local/etc/httpd/vend/vend.pl"
>
> #include <sys/types.h>
> #include <errno.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
>
> #ifdef PATCHED_OUT
> #ifdef sun
> int sys_nerr;
> char* sys_errlist[];
> #define NEED_STRERROR
> #endif
> #endif
>
> #ifdef NEED_STRERROR
> /* fallback for systems whose libc has no strerror() */
> static char* strerror(int e)
> {
> if (e == 0)
> return "System call failed but errno not set";
> else if (e < 1 || e >= sys_nerr)
> return "No description available for this error";
> else
> return sys_errlist[e];
> }
> #endif
>
> int main(int argc, char** argv)
> {
> uid_t euid;
> gid_t egid;
> int r;
>
> /* refuse to run unless the real uid is the web server's, so a shell
>  * user invoking the wrapper directly gets nothing */
> if (getuid() != CGIUSER) {
> printf("Content-type: text/plain\n\n");
> printf("SVEND must be run from HTTPD. (Check CGIUSER in svend.c)\n");
> exit(1);
> }
>
> /* make the effective (setuid) uid the real uid as well, so perl's
>  * setuid checks pass and the script runs as the wrapper's owner */
> euid = geteuid();
> #if defined BSD
> r = setreuid( euid, euid );
> #else
> r = setuid (euid);
> #endif
> if (r == -1) {
> printf("Content-type: text/plain\n\n");
> printf("Could not set uid: %s\n", strerror(errno));
> exit(1);
> }
>
> /* same for the group id */
> egid = getegid();
> #if defined BSD
> r = setregid( egid, egid );
> #else
> r = setgid (egid);   /* was setgid(euid): the uid was being passed as a gid */
> #endif
> if (r == -1) {
> printf("Content-type: text/plain\n\n");
> printf("Could not set gid: %s\n", strerror(errno));
> exit(1);
> }
>
> #if defined DEBUG
> printf("Content-type: text/plain\n\n");
> printf("euid = %ld, egid = %ld\n", (long)euid, (long)egid);
> exit(1);
> #endif
>
> /* argv is deliberately ignored: the script path is fixed at compile time */
> execl(PERL, PERL, VEND, (char *)0);
> printf("Content-type: text/plain\n\n");
> printf("Could not exec %s: %s\n", PERL, strerror(errno));
> exit(1);
> }
>
> ==========================================
> /v/unix/inet/http/vend/0.2/vend-0.2/svend.c
> ==========================================
>
> --
> Craig Shaver (craig@progroup.com) (415)390-0654
> Productivity Group POB 60458 Sunnyvale, CA 94088
--
paul@nation-net.com Walsh Simmons
0161-839 9337 Manchester, UK
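As an added example, not the vend code and not from either poster, here is a hardened version of the same kind of wrapper: it keeps the real-uid check Craig uses, refuses to run while it is effectively root (the chmod 4701 root question), drops group then user ids and verifies the drop cannot be undone, and gives perl a scrubbed environment. The perl and script paths, the variable whitelist and a three-argument main are assumptions; CGIUSER is taken from the thread.

```c
#define _DEFAULT_SOURCE 1  /* glibc: declare setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define CGIUSER 60001                               /* uid httpd runs CGIs as (from thread) */
#define PERL    "/usr/local/bin/perl"               /* assumed paths; the script is */
#define SCRIPT  "/usr/local/etc/httpd/vend/vend.pl"  /* fixed, never taken from argv */
/* The check from the thread: only the web server's real uid may invoke us. */
int caller_allowed(uid_t real_uid, uid_t expected) { return real_uid == expected; }
/* Switch permanently to the owner's ids: groups, then gid, then uid (an
 * unprivileged uid can no longer change gid). -1 if it fails or could be undone. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) == -1) return -1;
    if (setgid(gid) == -1 || setuid(uid) == -1) return -1;
    if (uid != 0 && (setuid(0) != -1 || geteuid() != uid || getegid() != gid)) {
        errno = EPERM;  /* root is still recoverable: treat as failure */
        return -1;
    }
    return 0;
}
/* Keep only whitelisted CGI variables plus a fixed PATH, so the caller cannot
 * steer perl via PERL5LIB, IFS, LD_PRELOAD etc. Returns the count, -1 if out[] is too small. */
int build_clean_env(char *const *in, char **out, size_t outmax) {
    static const char *keep[] = { "REQUEST_METHOD=", "QUERY_STRING=", "CONTENT_LENGTH=", "CONTENT_TYPE=" };
    size_t n = 0, k;
    if (outmax < 2) return -1;
    out[n++] = "PATH=/bin:/usr/bin";
    for (; *in != NULL && n + 1 < outmax; in++)
        for (k = 0; k < sizeof keep / sizeof keep[0]; k++)
            if (strncmp(*in, keep[k], strlen(keep[k])) == 0) { out[n++] = *in; break; }
    out[n] = NULL;  /* NULL-terminated for execle() */
    return (int)n;
}
static void fail(const char *msg) {
    printf("Content-type: text/plain\n\n%s: %s\n", msg, strerror(errno));
    exit(1);
}
int main(int argc, char **argv, char **envp) {  /* envp: assumed 3-arg main */
    char *env[32];
    if (!caller_allowed(getuid(), CGIUSER)) { errno = EACCES; fail("must be run from httpd"); }
    if (geteuid() == 0) { errno = EPERM; fail("refusing to run as root; chown the wrapper to a plain user"); }
    if (drop_privileges(geteuid(), getegid()) == -1) fail("could not drop privileges");
    if (build_clean_env(envp, env, sizeof env / sizeof env[0]) == -1) fail("environment too big");
    execle(PERL, PERL, SCRIPT, (char *)NULL, env);
    fail("could not exec " PERL);
    return 1;
}
```

Install it owned by an unprivileged account with mode 4711 rather than root; the wrapper then refuses to start if someone later chowns it to root.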
