On Wed, Nov 28, 2001 at 03:38:59PM +0800, CYWare wrote: > > Is there anyway to login as root and perform a few privileged actions from > within a CGI program? I want to be able overwrite a file owned by root, as > well as perform other "root only" tasks, from within my CGI program. > > We use C++ for CGI programming, so the approach would also have to use C or > C++. TIA.
Given the modularity of the Unix security model, the only way to do this generally will be to make your CGI program setuid root and do some voodoo on Apache to allow it to execute such things. The very thought of doing this sends cold shivers up my spine being someone who worries a lot about security, so be SURE that that's the only way to do what you need to do! Maybe there's an approach that will not require privileged actions that you can try that will do the job. If there's really no other way, be SURE that your CGI script is very cleanly programmed and that it drops the higher privileges as soon as they are unnecessary. I'll also urge you to reconsider the use of C/C++ for this purpose, as they were not designed for convenient and secure CGI programming. It's easy to make mistakes that can lead to fatal security errors with these languages. I would suggest you use Perl or Python instead to do your CGI work. -- Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311 Programmer, Inter.Net Philippines +63(917) 4458925 http://dido.engr.internet.org.ph/ OpenPGP Key ID: 0x5CDA17D8 Heute die Welt und Morgen das Sonnensystem! _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
