If I have a binary ("dspam" in my case) which needs to be run as a certain user ("dspam" in this case), and which I want to exec from a web server running PHP (user "www-data"), what's my best option?

I've played with suphp which would be the way forward if it co-existed with mod_php on the same server, but it's not feasible otherwise for me as it breaks more than it fixes.

So one possibility would be to create a script owned by the user dspam, and set its permissions so that www-data can execute the script, and have that call the dspam binary. However setuid scripts are disabled in the kernel, I believe, which means I need to do the same thing as a compiled executable.

That raises the issue of making sure I write the code securely so that it can't do anything it shouldn't, and that's where I think I need some help as my C skills are rusty to say the least. What I need to do is run the following command:
   dspam --class=XXX --source=error --user=YYY --signature=ZZZ
where XXX is either "spam" or "innocent", YYY is a valid email address, and ZZZ is a hash value comprising only alphanumerics. Therefore it ought to be pretty simple to validate the input before generating the system call, but my C is too weak to do it.

--
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0845 45 89 555
Registered in England (0456 0902) at 13 Clarke Rd, Milton Keynes, MK1 1LG
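
One way to write the wrapper the message asks for, as an added example that is not part of the original post: it checks the three values against the rules stated above and then runs dspam with `execve`, so no shell ever parses them. The install path, the length limits, the allowed address characters and the helper names are assumptions; installing the binary setuid to the dspam user, as the post proposes, is a separate step.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define DSPAM_PATH "/usr/bin/dspam" /* assumption: adjust to the real path */

/* ZZZ: non-empty, bounded, alphanumerics only. */
static int valid_signature(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 128) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s)) return 0;
    return 1;
}

/* YYY: conservative allow-list, exactly one '@' with text on both sides. */
static int valid_user(const char *s) {
    size_t n = strlen(s), at = 0;
    if (n < 3 || n > 254 || s[0] == '@' || s[n - 1] == '@') return 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '@') at++;
        else if (!isalnum((unsigned char)s[i]) && !strchr("._+-", s[i])) return 0;
    }
    return at == 1;
}

/* Validates all three values, then fills a NULL-terminated argv; 0 on success. */
static int build_argv(const char *cls, const char *user, const char *sig,
                      char bufs[3][300], char *cmd[6]) {
    if (strcmp(cls, "spam") != 0 && strcmp(cls, "innocent") != 0) return -1;
    if (!valid_user(user) || !valid_signature(sig)) return -1;
    snprintf(bufs[0], 300, "--class=%s", cls);
    snprintf(bufs[1], 300, "--user=%s", user);
    snprintf(bufs[2], 300, "--signature=%s", sig);
    cmd[0] = "dspam"; cmd[1] = bufs[0]; cmd[2] = "--source=error";
    cmd[3] = bufs[1]; cmd[4] = bufs[2]; cmd[5] = NULL;
    return 0;
}

int main(int argc, char **argv) {
    char bufs[3][300], *cmd[6];
    char *env[] = { "PATH=/usr/bin:/bin", NULL }; /* ignore caller's environment */
    if (argc != 4 || build_argv(argv[1], argv[2], argv[3], bufs, cmd) != 0)
        return 2;
    execve(DSPAM_PATH, cmd, env); /* no shell: each value is one argv entry */
    perror("execve");
    return 1;
}
```

From PHP the wrapper would be called with the class, the address and the signature as three separate arguments; anything that fails validation exits with status 2 before dspam is started.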

