[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] cgi




> im trying to run cgi shell scripts but keep getting server did a boo boo
> My script is as follows
> 
> #!/usr/bin/bash
> /etc/rc.d/rc2.d/S20inetd restart
> 
> could someone point me into the right direction untill until I can get a
> book on cgi scripting im stuck.
> 
> Cheers Kevin
> 


What you probably need to do is write a short piece of C that you can make 
suid...suid shell scripts aren't supported (security hole), but nothing to 
stop you writing a suid C wrapper to call your script...it would look along 
the lines of:

	#include <stdlib.h>
	int main ()
	{
		system ("/path/to/my/cgi-script");
		return 0;
	}

Save to file, then:
	gcc <file>.c -o cgi-wrapper
	cp cgi-wrapper /path/to/cgi-bin
	chown root.root /path/to/cgi-bin/cgi-wrapper
	chmod 4111 /path/to/cgi-bin/cgi-wrapper

You can use another name for the program other than cgi-wrapper if you want 
:) But this should get around the problem.

Note: this is a quick hack :) If you want something more secure, then I would 
advise against using system(3) and look into using execv(3) (or some other 
exec function - there are many of them). system(3) calls /bin/sh to execute 
the command specified...potentailly a problem *and* it's additional overhead.

*alternatively* instead of writing your own wrapper, "man sudo".

HTH,

Chris...

-- 
@}-,'--------------------------------------------------  Chris Johnson --'-{ [at] 
    / "(it is) crucial that we learn the difference / sixie [at] nccnet.co.uk  \
   / between Sex and Gender. Therein lies the key  /                       \ 
  / to our freedom" -- LB                         / www.nccnet.co.uk/~sixie \ 


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.