On Thu, Apr 07, 2005 at 05:09:00PM +0300, Shachar Shemesh wrote:
> Hi all,
>
> I'm building a small web application. As I want this app to make changes
> in the system, I'm using a suid (non-root) perl executable to carry out
> most of the actual operations, and the application (read - apache) runs
> this executable.
>
> So far, so good.
>
> One of the operations I need carried out is creating an SSH key. I use
> the following syntax inside the perl script:
> if( system("ssh-keygen", "-q", "-b", $1, "-t", "dsa", "-f",
> "/home/user/.ssh/id_dsa", "-N", "", "-C",
> $2 )==0 ) {
>
> If I run the perl script directly, everything is great. If I try to run
> it from the web server, however, the "system" isn't carried out. I
> thought it may have to do with "system" trying to rely on a shell which
> the apache user doesn't have, but the man page for perlfunc says that a
> shell is only required if the other syntax for "system" is used, and
> that execvp is used for this syntax.
>
> I also tried switching to the other syntax and redirecting the output to
> a file. Nothing. The file is not even created.
>
> I tried replacing ssh-keygen with /usr/bin/ssh-keygen, but that did not
> solve the problem either.
>
> In short, I'm fairly running out of ideas as to how to debug this. I
> can't seem to find a way to test what is going wrong. Ideas would be
> most welcome
Did you try strace and see that it really doesn't try to exec?
If you do, note you can't strace a suid exec. To do this, strace -p
as root.
--
Didi
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
