On Fri, 13 Oct 2000, Derek Martin <[EMAIL PROTECTED]> wrote:
> > haystack[112] cat ~/suid_test.c
> 
> This had occurred to me, and I'm probably going to go this route, but I

Good. Another place I know of to look for more C code doing this
is "wrapper.c" of the Majordomo distribution.

> just thought there must be a way to do this without resorting to such
> tactics (i.e. through configuring apache).

Yes, there are a variety of places you could put the privileges:

        - in the httpd daemon itself
        - in a suid wrapper program (as I showed) that runs the script
        - make the script suid (consider /usr/bin/suidperl if it is perl)
        - have a non-privileged CGI script make calls to suid programs
          to perform the privileged actions. (using, say, wrapper.c)

Since performance isn't an issue with your application, I'd prefer the
last one since it minimizes the amount of privileged code. Security aside,
if a script goes haywire it can do a heck of a lot more damage as root.

Karl
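
An added sketch of the last option in the list above (not part of Karl's message, and not Majordomo's wrapper.c): a small setuid helper that an unprivileged CGI script calls by action name. The action names, the /usr/local/libexec/webadmin paths and the argument rule are hypothetical; it assumes the binary is installed setuid and that each target is a root-owned program not writable by the web server user.

```c
/* Minimal setuid helper: the caller chooses an action NAME, never a path. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

struct action { const char *name; const char *path; };
/* Fixed allow-list of privileged programs (hypothetical entries). */
static const struct action ACTIONS[] = {
    { "add-alias",   "/usr/local/libexec/webadmin/add-alias" },
    { "reload-mail", "/usr/local/libexec/webadmin/reload-mail" },
};

/* Return the absolute path for an allowed action, or NULL if not listed. */
const char *lookup_action(const char *name)
{
    size_t i;
    if (name == NULL) return NULL;
    for (i = 0; i < sizeof ACTIONS / sizeof ACTIONS[0]; i++)
        if (strcmp(name, ACTIONS[i].name) == 0)
            return ACTIONS[i].path;
    return NULL;
}

/* Accept only short arguments made of [A-Za-z0-9._-], not starting with '-'
   (so the argument cannot be read as an option or carry shell characters). */
int arg_is_safe(const char *arg)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t n;
    if (arg == NULL || arg[0] == '\0' || arg[0] == '-') return 0;
    n = strlen(arg);
    return n <= 64 && strspn(arg, ok) == n;
}

int main(int argc, char **argv)
{
    /* Fixed environment: nothing is inherited from the CGI script. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    const char *path;
    if (argc != 3 || (path = lookup_action(argv[1])) == NULL
        || !arg_is_safe(argv[2])) {
        fprintf(stderr, "usage: helper <action> <arg>\n");
        return 2;
    }
    char *const args[] = { (char *)path, argv[2], NULL };
    execve(path, args, envp);   /* no shell involved; returns only on failure */
    perror("execve");
    return 1;
}
```

The privileged code is then the table, two checks and one execve call, while the CGI script that parses web input runs without privileges.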

