[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] cgi
> im trying to run cgi shell scripts but keep getting server did a boo boo
> My script is as follows
>
> #!/usr/bin/bash
> /etc/rc.d/rc2.d/S20inetd restart
>
> could someone point me into the right direction untill until I can get a
> book on cgi scripting im stuck.
>
> Cheers Kevin
>
What you probably need to do is write a short piece of C that you can make
suid...suid shell scripts aren't supported (security hole), but nothing to
stop you writing a suid C wrapper to call your script...it would look along
the lines of:
#include <stdlib.h>
int main ()
{
system ("/path/to/my/cgi-script");
return 0;
}
Save to file, then:
gcc <file>.c -o cgi-wrapper
cp cgi-wrapper /path/to/cgi-bin
chown root.root /path/to/cgi-bin/cgi-wrapper
chmod 4111 /path/to/cgi-bin/cgi-wrapper
You can use another name for the program other than cgi-wrapper if you want
:) But this should get around the problem.
Note: this is a quick hack :) If you want something more secure, then I would
advise against using system(3) and look into using execv(3) (or some other
exec function - there are many of them). system(3) calls /bin/sh to execute
the command specified...potentailly a problem *and* it's additional overhead.
*alternatively* instead of writing your own wrapper, "man sudo".
HTH,
Chris...
--
@}-,'-------------------------------------------------- Chris Johnson --'-{ [at]
/ "(it is) crucial that we learn the difference / sixie [at] nccnet.co.uk \
/ between Sex and Gender. Therein lies the key / \
/ to our freedom" -- LB / www.nccnet.co.uk/~sixie \
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.
- References:
- [Sheflug] cgi
- From: "kbarrass" <kbarrass [at] minsthorpecc.wakefld.sch.uk>