On Fri, 13 Oct 2000, Karl J. Runge wrote:
> Ignoring any security concerns, this will work as a wrapper for just
> about any program:
>
> haystack[112] cat ~/suid_test.c
This had occured to me, and I'm probably going to go this route, but I
just thought there must be a way to do this without resorting to such
tactics (i.e. through configuring apache). However, it seems that the
latest versions of apache simply refuse to run anything as root, including
itself.
Supposedly there's a symbol you can define in src/Configuration before you
build it which will allow it to run as root, but I did it several times,
including with web weenies standing over my shoulder to make sure I'm just
not being stupid, and it still failed to run as root.
I totally understand the need to provide security, but (Ken, if you're
listening), I still think the Apache team should provide you the
opportunity to shoot yourself in the foot if you really want it.
> Set CMD to full path to script/program. printf's are just for debugging.
> Depending on what you are doing you may not need the setuid(0) call.
Yep, I'll need it. :) Or, I could rewrite my perl program to not do a
bunch of things that it does, but that would take too long, and like I
said, the security of this thing doesn't really need to be air-tight.
--
Derek Martin
Senior System Administrator
Mission Critical Linux
[EMAIL PROTECTED]
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
