[linux-help] Re: CGI-Script
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
if you REALLY want to let anybody from the website use a setuid script
to do that,
1. chown root filename
(possibly) chgrp root filename as well
2. chmod 4755 filename
NOTE: the 4 in the above permissions sets the setuid bit for whomever
actually owns the file, thus it is setuid to whomever the owner is.....
root, or anybody else who is the owner.
This will set the file so that anyone who uses it will give the script
privledges as if they were the root user while the script is running.
The problem with this is that it might be possible for someone to
actually get access to your system as root by using any weakness that
may exist in the script.
You need to do this while logged in as root yourself.
Sudharsha Wijesinghe wrote:
>
> Thanks for the information.
> Can you pls tell me how to setuid .
> The Cgi script is in perl.
> Thanks again,
> Sudharsha.
> --- Clint Brubakken <cabrubak@xxxxxxx> wrote:
> >
> > The only way to do this is a making the cgi program
> > setuid. If its perl
> > or c it possible, I'm don't think it is in php.
> > however it is very
> > insecure, to let web users do things as root.
> >
> > You might want to check into webmin an existing cgi
> > program that I think
> > does that, and has been looked over by many people
> > for security holes.
> >
> >
> >
> >
> > On Thu, 2002-02-21 at 02:29, Adithya Wijesinghe.
> > wrote:
> > >
> > > Hi,
> > > My problem is this .
> > > I have written a CGI-Script to create users in my
> > linux box
> > > I am using GET method and also useradd command.
> > > The out put comes as saying the useris sucessfully
> > created but
> > > there is no user created.When I chek the error log
> > in apache I it sa
> > > ys only root is able to run useradd how can I over
> > come this
> > > problem?
> > > Thanks in advance ,
> > > Sudharsha.
> > >
> > >
> >
> _________________________________________________________
> > > Do You Yahoo!?
> > > Get your free @yahoo.com address at
> > http://mail.yahoo.com
> > >
> > > -- This is the linux-help@xxxxxxxxx list. To
> > unsubscribe,
> > > visit
> > http://www.complete.org/cgi-bin/listargate-aclug.cgi
> >
> >
> > -- This is the linux-help@xxxxxxxxx list. To
> > unsubscribe,
> > visit
> > http://www.complete.org/cgi-bin/listargate-aclug.cgi
> >
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Sports - Coverage of the 2002 Olympic Games
> http://sports.yahoo.com
> -- This is the linux-help@xxxxxxxxx list. To unsubscribe,
> visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
-- This is the linux-help@xxxxxxxxx list. To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
|
|
