
[linux-help] Re: CGI-Script

To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: CGI-Script
From: Cheez-Czar <cabrubak@xxxxxxx>
Date: Fri, 22 Feb 2002 22:46:05 -0600 (CST)
Reply-to: linux-help@xxxxxxxxx

There is more: to make your script less insecure, you should look into how
to change the active ID the script runs under, so that until you need to
be root you are nobody, or another non-root user, and change to root for
the command you need, and change back when done.

Set uid is really beyond the scope of linux help; you might want to look
into a Unix programming book like Programming in the Unix Environment to
understand the principles, and check the Camel book on how to do it in Perl.




On Fri, 22 Feb 2002, Jeff Vian wrote:

> 
> if you REALLY want to let anybody from the website use a setuid script
> to do that,
> 
> 1.  chown root filename
>     (possibly) chgrp root filename as well
> 2.  chmod 4755 filename
> NOTE: the 4 in the above permissions sets the setuid bit for whomever
> actually owns the file, thus it is setuid to whomever the owner is.....
> root, or anybody else who is the owner.
> 
> This will set the file so that anyone who uses it will give the script
> privileges as if they were the root user while the script is running.
> The problem with this is that it might be possible for someone to
> actually get access to your system as root by using any weakness that
> may exist in the script.
> 
> You need to do this while logged in as root yourself.
> 
> 
> Sudharsha Wijesinghe wrote:
> > 
> > Thanks for the information.
> > Can you pls tell me how to setuid?
> > The CGI script is in Perl.
> > Thanks again,
> > Sudharsha.
> > --- Clint Brubakken <cabrubak@xxxxxxx> wrote:
> > >
> > > The only way to do this is making the CGI program setuid. If it's Perl
> > > or C it's possible; I don't think it is in PHP. However, it is very
> > > insecure to let web users do things as root.
> > >
> > > You might want to check into Webmin, an existing CGI program that I think
> > > does that, and has been looked over by many people for security holes.
> > >
> > >
> > >
> > >
> > > On Thu, 2002-02-21 at 02:29, Adithya Wijesinghe wrote:
> > > >
> > > > Hi,
> > > > My problem is this.
> > > > I have written a CGI script to create users in my Linux box.
> > > > I am using GET method and also useradd command.
> > > > The output comes as saying the user is successfully created but
> > > > there is no user created. When I check the error log in Apache it
> > > > says only root is able to run useradd. How can I overcome this
> > > > problem?
> > > > Thanks in advance,
> > > > Sudharsha.

-- 
+-----------------------------------------------------+
| The Cheez-Czar  http://www.hackboy.com/~cabrubak    |
+-----------------------------------------------------+

-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
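
The approach described at the top of this message (run unprivileged, become root only for the one command, change back when done), sketched in C as an added example that is not code from the thread. It assumes a binary installed setuid root as in the quoted chown/chmod steps; the function names, the login-name rule and the `/usr/sbin/useradd` path are illustrative assumptions.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static uid_t priv_uid; /* effective uid at startup: root if installed setuid root */

/* Call first in main(): remember the privileged uid, then run as the caller. */
int priv_init(void) {
    priv_uid = geteuid();
    return seteuid(getuid());
}

/* Allow only short lowercase login names; rejects options and shell syntax. */
int valid_login(const char *s) {
    size_t n = strlen(s);
    if (n < 1 || n > 32 || s[0] < 'a' || s[0] > 'z') return 0;
    return strspn(s, "abcdefghijklmnopqrstuvwxyz0123456789_-") == n;
}

/* Raise privilege, start argv[0] without a shell, drop again at once.
 * Returns the command's exit status, or -1 on failure. */
int run_privileged(char *const argv[]) {
    static char *const env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    int status = -1;
    if (seteuid(priv_uid) != 0) return -1;      /* become the privileged uid */
    pid_t pid = fork();
    if (pid == 0) {
        /* Child: make the real uid match too, since a tool may check it. */
        if (setuid(priv_uid) != 0) _exit(126);
        execve(argv[0], argv, env);             /* fixed, minimal environment */
        _exit(127);
    }
    if (seteuid(getuid()) != 0) _exit(1);       /* never continue privileged */
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    if (priv_init() != 0) return 1;
    if (argc != 2 || !valid_login(argv[1])) {
        fputs("usage: adduser-helper <login>\n", stderr);
        return 2;
    }
    char *cmd[] = { "/usr/sbin/useradd", argv[1], NULL }; /* path is an assumption */
    return run_privileged(cmd);
}
```

The CGI script itself stays unprivileged and calls this helper with the requested login name as its single argument.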

