Hi

I use BackupPC and I like it a lot (THANKS!), but recently I was trying Arch 
Linux and found that they require that Apache runs as the backuppc user, breaking 
other sites I have.

That was strange to me, as my BackupPC work machine has other sites and doesn't 
require it to run as the backuppc user.

The difference is that the machine is a Debian Linux...

After some research, I found that the BackupPC cgi-bin file needs to be suid and, 
as it's a Perl script, needs perl-suid, and it's considered a security problem.

The alternative is what Arch Linux is doing, running Apache as backuppc.

As recent Debian releases don't have perl-suid anymore, the Debian people built a 
small C program that runs the Perl script as the correct user.

I have tested it and it works fine. As it is a compiled program, it doesn't have 
the security problems of setting suid on script files.

Other distros have the same problem, so I recommend that BackupPC include the 
small C program by default and add one more alternative for running the 
web interface (suid the Perl, suid the C program, Apache as backuppc user).

Here is the C code, it's very simple:

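#include <stdio.h>
#include <unistd.h>

/* Absolute path of the real Perl CGI script that this suid wrapper runs. */
#define REAL_PATH "/usr/share/backuppc/lib/realindex.cgi"

int main(int argc, char **argv)
{
    (void)argc;
    /* Replace this process with the Perl script, passing the arguments on. */
    execv(REAL_PATH, argv);
    /* execv() only returns if it failed. */
    perror("execv " REAL_PATH);
    return 1;
}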

The real Perl script (BackupPC_Admin) should be moved to the lib dir, as 
realindex.cgi or BackupPC_Admin.pl (but please change the above reference).

Thanks 
higuita
_______________________________________________
BackupPC-devel mailing list
BackupPC-devel@lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-devel
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
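
Added example, not part of higuita's post and not BackupPC's or Debian's code: whoever is allowed to execute a suid wrapper also chooses its environment, so this variant hands the script only an allowlist of CGI variables plus a fixed PATH. The allowlist, the PATH value and the choice not to forward the caller's argv are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REAL_PATH "/usr/share/backuppc/lib/realindex.cgi" /* path from the post */
extern char **environ;

/* Assumed allowlist of CGI meta-variables; HTTP_* request headers also pass. */
static const char *const allowed[] = {
    "AUTH_TYPE", "CONTENT_LENGTH", "CONTENT_TYPE", "GATEWAY_INTERFACE",
    "PATH_INFO", "QUERY_STRING", "REMOTE_ADDR", "REMOTE_USER", "REQUEST_METHOD",
    "SCRIPT_NAME", "SERVER_NAME", "SERVER_PORT", "SERVER_PROTOCOL", NULL
};

/* Return 1 if a "NAME=value" entry may be handed to the script, else 0. */
int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry || strncmp(entry, "HTTP_PROXY=", 11) == 0)
        return 0;               /* malformed, or client-controlled proxy setting */
    size_t len = (size_t)(eq - entry);
    if (strncmp(entry, "HTTP_", 5) == 0)
        return 1;
    for (size_t i = 0; allowed[i] != NULL; i++)
        if (strlen(allowed[i]) == len && strncmp(entry, allowed[i], len) == 0)
            return 1;
    return 0;                   /* PERL5LIB, LD_PRELOAD, caller's PATH, ... */
}

/* Build out[] (cap >= 2 slots): a fixed PATH plus the allowed entries of in[]. */
size_t filter_env(char *const in[], char *out[], size_t cap)
{
    static char fixed_path[] = "PATH=/usr/bin:/bin";
    size_t n = 0;
    out[n++] = fixed_path;
    for (size_t i = 0; in[i] != NULL && n + 1 < cap; i++)
        if (env_allowed(in[i]))
            out[n++] = in[i];
    out[n] = NULL;
    return n;
}

int main(void)
{
    char *args[] = { REAL_PATH, NULL }, *env[256]; /* caller's argv not forwarded */
    filter_env(environ, env, sizeof env / sizeof env[0]);
    execve(REAL_PATH, args, env);
    perror("execve " REAL_PATH);                   /* only reached on failure */
    return 1;
}
```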