tim tom mailto:[EMAIL PROTECTED] scribbled;
Dear Marek,
Where do I find that? I am no C programmer.
--
tim
--- Marek Kilimajer [EMAIL PROTECTED] wrote:
It's a shell script, and your shell drops root privileges. Use a
shell that doesn't or use a C-wrapper.
Make yourfile.c and put this
!!!WARNING - WARNING - WARNING - WARNING - WARNING!!!
This will mean ANYONE can run this program AS ROOT. Read up on SUID.
!!!WARNING - WARNING - WARNING - WARNING - WARNING!!!
Make yourfile.c and put this in:
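#include <unistd.h>

/* Setuid wrapper: replaces this process with the target program. */
int main(int argc, char **argv)
{
    (void)argc;
    execv("/your/program/here", argv);
    return 1; /* reached only if execv() fails */
}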
Dear Marek,
Where do I find that? I am no C programmer.
--
tim
--- Marek Kilimajer [EMAIL PROTECTED] wrote:
It's a shell script, and your shell drops root privileges. Use a shell
that doesn't or use a C-wrapper.
tim tom wrote:
Dear Pete,
Yes, apache runs as nobody. But I have setuid
It's a shell script, and your shell drops root privileges. Use a shell
that doesn't or use a C-wrapper.
tim tom wrote:
Dear Pete,
Yes, apache runs as nobody. But I have setuid add.sh. Wouldn't that be sufficient?
--
tim
--- Peter Houchin [EMAIL PROTECTED] wrote:
you need to make sure
Personally, running a script directly from a website to add users is asking
for security trouble.. I would have it write an adduser request to a file
and then have a cron job parse that file every 5, 10 or 30 minutes or
something looking for new users to add. This gets you around the SUID
you need to make sure that the web has permission to use that file .. my
guess is it doesn't have permission hence why you can run add.sh from the
command line (where you're not your web user I'm assuming).
-Original Message-
From: tim tom [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 18
Dear Pete,
Yes, apache runs as nobody. But I have setuid add.sh. Wouldn't that be sufficient?
--
tim
--- Peter Houchin [EMAIL PROTECTED] wrote:
you need to make sure that the web has permission to use that file .. my
guess is it doesn't have permission hence why you can run add.sh from the
To: Peter Houchin; [EMAIL PROTECTED]
Subject: RE: [PHP] adding unix account via system command
Dear Pete,
Yes, apache runs as nobody. But I have setuid add.sh. Wouldn't
that be sufficient?
--
tim
--- Peter Houchin [EMAIL PROTECTED] wrote:
you need to make sure that the web has permission