From owner-freebsd-questions Fri Sep 6 02:53:04 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA09556 for questions-outgoing; Fri, 6 Sep 1996 02:53:04 -0700 (PDT)
Received: from www.nation-net.com (www.nation-net.com [194.159.125.1]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA09533 for ; Fri, 6 Sep 1996 02:52:52 -0700 (PDT)
Received: from mag.nation-net.com (194.159.125.14) by www.nation-net.com with SMTP (Apple Internet Mail Server 1.0); Fri, 6 Sep 1996 10:55:12 +0000
Message-ID: <322FF412.6EAE@nation-net.com>
Date: Fri, 06 Sep 1996 10:51:14 +0100
From: Paul Walsh
X-Mailer: Mozilla 2.0 (Win95; I)
MIME-Version: 1.0
To: questions@freebsd.org, craig@ProGroup.COM
Subject: Re: suidperl from httpd not working
References: <199609060903.CAA02213@seabass.progroup.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Thanks Craig,

I like the idea of checking the user ID to stop it being run from a shell account, but how secure is that? The wrappers should still be chmod 4701, owner root?

Is there really a secure solution to using httpd passworded cgi's and having shell accounts on the same machine?

Cheers,
Paul Walsh.

Craig Shaver wrote:
>
> > Is there any way an httpd user (nobody) can run a setuid perl script through
> > cgi? Does it have to be a 'real' user.
> >
> > Cheers, Paul
> > --
> > paul@nation-net.com Walsh Simmons
> > 0161-839 9337 Manchester, UK
>
> Yes, I have done it using a wrapper program. Here is a copy of that program
> from the vend ver 0.2 shopping cart.
>
> ==========================================
> /v/unix/inet/http/vend/0.2/vend-0.2/svend.c
> ==========================================
>
> #define CGIUSER 60001
> #define PERL "/u/local/bin/perl"
> #define VEND "/u/local/etc/httpd/vend/vend.pl"
>
> /* header names were lost in archiving; these are the ones the code uses */
> #include <stdio.h>
> #include <stdlib.h>
> #include <errno.h>
> #include <unistd.h>
> #include <sys/types.h>
>
> #ifdef PATCHED_OUT
> #ifdef sun
> int sys_nerr;
> char* sys_errlist[];
> #define NEED_STRERROR
> #endif
> #endif
>
> #ifdef NEED_STRERROR
> static char* strerror(e)
> int e;
> {
>     if (e == 0)
>         return "System call failed but errno not set";
>     else if (e < 1 || e >= sys_nerr)
>         return "No description available for this error";
>     else
>         return sys_errlist[e];
> }
> #endif
>
> int main(argc, argv)
> int argc;
> char** argv;
> {
>     uid_t euid;
>     gid_t egid;
>     int r;
>
>     /* the real uid is what a shell user cannot forge: only httpd's uid gets past here */
>     if (getuid() != CGIUSER) {
>         printf("Content-type: text/plain\n\n");
>         printf("SVEND must be run from HTTPD. (Check CGIUSER in svend.c)\n");
>         exit(1);
>     }
>
>     /* gid first: once the uid has been dropped to a non-root euid, setgid would fail */
>     egid = getegid();
> #if defined BSD
>     r = setregid( egid, egid );
> #else
>     r = setgid (egid);    /* fixed: the original passed euid here */
> #endif
>     if (r == -1) {
>         printf("Content-type: text/plain\n\n");
>         printf("Could not set gid: %s\n", strerror(errno));
>         exit(1);
>     }
>
>     euid = geteuid();
> #if defined BSD
>     r = setreuid( euid, euid );
> #else
>     r = setuid (euid);
> #endif
>     if (r == -1) {
>         printf("Content-type: text/plain\n\n");
>         printf("Could not set uid: %s\n", strerror(errno));
>         exit(1);
>     }
>
> #if defined DEBUG
>     printf("Content-type: text/plain\n\n");
>     printf("euid = %d, egid = %d\n", euid, egid);
>     exit(1);
> #endif
>
>     /* execl's argument list must end with a null pointer, not a bare 0 */
>     execl(PERL, PERL, VEND, (char *)0);
>     printf("Content-type: text/plain\n\n");
>     printf("Could not exec %s: %s", PERL, strerror(errno));
>     exit(1);
> }
>
> ==========================================
> /v/unix/inet/http/vend/0.2/vend-0.2/svend.c
> ==========================================
>
> --
> Craig Shaver (craig@progroup.com) (415)390-0654
> Productivity Group POB 60458 Sunnyvale, CA 94088

--
paul@nation-net.com Walsh Simmons
0161-839 9337 Manchester, UK
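The wrapper Craig posted shows the pattern: refuse unless the real uid is httpd's, make the effective ids permanent, exec a fixed interpreter on a fixed script. The block below is an added example written for this thread, not svend.c and not vend's code, of the same wrapper with the checks a reviewer would ask for: every id change is checked and verified afterwards, groups are dropped before the gid and the gid before the uid, and the environment handed to perl is rebuilt from a whitelist with a fixed PATH so the caller cannot steer the interpreter through LD_*, IFS, PERL5OPT or PATH. CGIUSER, the perl path and the script path are assumed values.

```c
/* Added example for this thread: a CGI-to-setuid wrapper in the style of
 * svend.c, hardened.  Not vend's code.  CGIUSER, PERL and SCRIPT are
 * assumed values; adjust for the real httpd uid and install paths.
 * Build:   cc -Wall -O2 -o cgiwrap cgiwrap.c
 * Install: chown appuser cgiwrap && chmod 4711 cgiwrap
 *          (a dedicated uid, not root, so a bug in the perl script
 *          hands out appuser's rights, not root's) */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define CGIUSER ((uid_t)60001)                  /* real uid httpd runs CGIs as: assumed */
#define PERL    "/usr/local/bin/perl"           /* assumed path */
#define SCRIPT  "/usr/local/www/cgi-bin/app.pl" /* assumed path */

extern char **environ;

/* The real uid is the one thing a shell-account user cannot pick, so the
 * "came from httpd" test is on getuid(), never on geteuid() or $USER. */
static int caller_is_httpd(uid_t real_uid)
{
    return real_uid == CGIUSER;
}

/* Make the effective ids permanent: groups, then gid, then uid, because
 * after the uid drop the process may no longer be allowed to change
 * groups.  Every call is checked and the result is verified afterwards;
 * an unchecked setuid() that silently fails is the classic wrapper bug. */
static int become_effective_ids(uid_t euid, gid_t egid)
{
    if (geteuid() == 0 && setgroups(1, &egid) == -1) /* only root may call setgroups */
        return -1;
    if (setgid(egid) == -1)
        return -1;
    if (setuid(euid) == -1)
        return -1;
    if (getuid() != euid || geteuid() != euid || getgid() != egid || getegid() != egid)
        return -1;
    return 0;
}

/* Environment whitelist: the CGI variables the script needs, copied by name.
 * Everything else (PATH, IFS, LD_*, PERL5LIB, PERL5OPT, ...) is dropped and
 * PATH is replaced with a fixed value. */
static const char *const keep_vars[] = {
    "QUERY_STRING", "REQUEST_METHOD", "CONTENT_LENGTH", "CONTENT_TYPE",
    "REMOTE_ADDR", "REMOTE_USER", "SCRIPT_NAME", "PATH_INFO", "HTTP_COOKIE",
    NULL
};
static const char *const safe_path = "PATH=/bin:/usr/bin";

/* Fill out[] (NULL-terminated) from src_env.  Returns the number of entries
 * placed, or -1 if cap is too small to hold them plus the terminator. */
static int build_env(char *const *src_env, char **out, size_t cap)
{
    size_t n = 0;
    if (cap < 2)
        return -1;
    out[n++] = (char *)safe_path;
    for (char *const *e = src_env; e != NULL && *e != NULL; e++) {
        const char *eq = strchr(*e, '=');
        if (eq == NULL)
            continue;                        /* malformed entry: skip it */
        size_t name_len = (size_t)(eq - *e);
        for (const char *const *k = keep_vars; *k != NULL; k++) {
            if (strlen(*k) == name_len && strncmp(*e, *k, name_len) == 0) {
                if (n + 1 >= cap)
                    return -1;
                out[n++] = *e;
                break;
            }
        }
    }
    out[n] = NULL;
    return (int)n;
}

static void fail(const char *what)
{
    printf("Content-type: text/plain\n\n%s: %s\n", what, strerror(errno));
    exit(1);
}

int main(void)
{
    char *newenv[32];
    char *const argv[] = { PERL, SCRIPT, NULL }; /* fixed argv: nothing from the caller */

    if (!caller_is_httpd(getuid())) {
        printf("Content-type: text/plain\n\nwrapper must be run from httpd\n");
        return 1;
    }
    if (become_effective_ids(geteuid(), getegid()) == -1)
        fail("could not switch ids");
    if (build_env(environ, newenv, sizeof newenv / sizeof newenv[0]) == -1) {
        printf("Content-type: text/plain\n\nenvironment too large\n");
        return 1;
    }
    execve(PERL, argv, newenv);              /* execve: perl sees exactly newenv */
    fail("could not exec " PERL);
    return 1;
}
```

Install it setuid to a dedicated unprivileged account that owns the script and its data (mode 4711 or 4701; either keeps the binary unreadable to other users), keep the perl script itself non-setuid and readable only by that account, and run plain perl rather than suidperl, since the wrapper has already done the id switch. The script still executes with that account's rights over its own data, so its input handling matters as much as the wrapper's.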