Today, Kevin D. Clark gleaned this insight:
> Make the CGI program suid-root. If you're running on a system that
> doesn't execute suid *scripts*, make a C wrapper. It's just a simple
> matter of programming.
There are other problems with that... see below.
>
> Obviously, if you do this, you'd better know what you're doing.
>
> --kevin
>
> PS If you happen to implement this in Perl, taint checks are your
> friend.
As it happens, I did write both the CGI wrapper and the utility itself in
perl. Unfortunately I'm still very new to perl, so my perl code is not
the best. I actually did make the program SUID (not the CGI), but I have
to use the system command to do a bunch of stuff, and it won't execute.
It complained about insecure environment variables too, which I fixed...
There are probably a few other things in there that it will complain
about, but I DON'T CARE! This is for a limited audience and will be
protected by password!
I hate being protected from myself!
I don't know how to use taint checking, but I did write a lot of input
checking into the perl CGI wrapper, as well as into the perl program that
it calls. I'll have to look into that.
=8^)
--
You know that everytime I try to go where I really want to be,
It's already where I am, cuz I'm already there...
---------------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
[EMAIL PROTECTED] | [EMAIL PROTECTED]
---------------------------------------------------------------
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
