ID: 13054
Updated by: lobbin
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Feedback
Bug Type: Program Execution
Operating System: Linux (RedHat 7.1)
PHP Version: 4.0.6
New Comment:
Did you find a solution of this on your own? If not, can you try this with 4.1.0?
And you are sure the perl-script is not runnig setuid?
R.
Previous Comments:
------------------------------------------------------------------------
[2001-08-30 06:12:44] [EMAIL PROTECTED]
Hi,
Apache is running as 'apache' user in group 'www-data', started by root (ofcourse).
(version 1.3.20)
Perl script is a distribution script copying files with scp. Keys are located in the
home directory of apache user.
PHP configured without a php.ini (thus default apply). Apache and PHP were compiled
from source.
I'm php developers since the early beginning, and now almost fulltime PHP programmer.
Now!
system("/usr/local/bin/distributer.pl $audioid $newfilename 2>>/tmp/distributor.log
1>&2 &");
This should distributed files to our fileservers. But rather than running as
apache-user (where the ssh keys are) it runs as root!!! I never, in all these years,
saw this! I'm pretty unsure if this is true or if this can be?
I would like to here it is a missconfiguration of mine..
The logs of my Perl script show:
Starting distribution as user root
The fact that it runs as 'root' compromises my security stuff and the project will not
work..
Just tell me i'm wrong and this can't be true.. Or is this the way things are done? ;p
Geert
PS: i'm submitting this in a hury and didn't search possible submittes. call it panic.
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=13054&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
