on 8/1/01 11:49 AM, Ken Jones at [EMAIL PROTECTED] spake:
> Bill Shupp wrote:
>>
>> on 8/1/01 11:18 AM, Ken Jones at [EMAIL PROTECTED] spake:
>>> Ah, /bin/ps is not secure. That must be apache holding up the show.
>>> Stupid apache.
>>
>> I don't understand.. If I run the the "r" script (which just sets up the
>> environment, then calls vqadmin.cgi as a test) as non-root user, I get the
>> same message to stderr. This sounds to me like it's not apache, but
>> vqadmin.cgi when called as a non-root user.
>
> non root users can't run ps?
>
> Ken
Ken,
ps is what's holding up the show, I think. As a test, I compiled the below
code into a.out:
#include <string.h>
int main()
{
char pscommand[10];
strcpy(pscommand, "/bin/ps");
execl(pscommand, "ps", "ax", NULL);
}
Then:
[shupp@bb C]$ su
[root@bb C]# chown root.root a.out
[root@bb C]# chmod a+s a.out
[root@bb C]# exit
[shupp@bb C]$ ./a.out
This /bin/ps is not secure for setuid operation.[shupp@bb C]$
Cheers,
Bill Shupp
