My idea was to actually set environment variables to specific values for different occasions, then have an app/service read the values of the variables periodically. Whatever that is worth to anyone else . . .
On Mon, Feb 10, 2014 at 2:34 PM, William Hermans <[email protected]> wrote: > Jack, > > Ok perhaps I am missing something, and I by no means mean to be > adversarial here. I am just curious, so If i am missing something please > feel free to enlighten me. > > What is the difference between using setuid(0) and having a web socks app > running the app ? Here is my thinking. If you write the app/service > correctly, all anyone is going to be able to do is switch on / off an LED. > Yes, perhaps you do not want *EVERYONE* doing this, but how will this > solution solve that specific problem ? Unless I am missing something . . . > nothing can, short of having a user login screen for the web interface. > > So I am not looking for an argument so much as enlightenment . . . as I > have personally given this situation some thought over the last 6 or so > months( being new to embedded Linux, and thus web appliances ). > > > On Mon, Feb 10, 2014 at 9:03 AM, Jack Mitchell > <[email protected]>wrote: > >> On 07/02/14 21:28, [email protected] wrote: >> > OS Image: Ubuntu Precise 12.04.3 LTS >> > >> > I'm attempting to control LEDs from a webpage (and eventually other >> > hardware from the device tree overlay). I've written a C program to >> > toggle the onboard LED based on the arguments passed to it. This only >> > works if you run it as root however. I've also installed lighttpd and >> > have a php page running with a link to toggle the LED based on button >> > press. To work around running as root, I added a setuid(0) to the C >> > program and changed the ownership of the gcc output binary to root, then >> > made the binary readable and executable by any user. The result is that >> > the php page can control the LED, but I'm uncertain of how safe this set >> > up is. >> > >> > Is there a better (safer) way for me to be controlling hardware from a >> > webpage with C? If not, what are my other options? >> > >> > Let me know if I can provide you with any additional details. >> > >> > Thanks, >> > Jake >> > >> >> Yes. You could implement a message passing bus (websockets for example) >> which the C program responds to. Therefore you run your C program in the >> background waiting for a message on the bus, then you get your web >> application to send a message to the program telling it turn on/off an >> LED. The C program runs as root and as such has control of the hardware >> and your webapge never calls the C program, but only sends data on the >> message bus, so as such it's a bit harder for anyone to do anything >> untoward. >> >> -- >> Jack Mitchell ([email protected]) >> Embedded Systems Engineer >> Cambridgeshire, UK >> http://www.embed.me.uk >> -- >> >> -- >> For more options, visit http://beagleboard.org/discuss >> --- >> You received this message because you are subscribed to the Google Groups >> "BeagleBoard" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
