Re: How can CGI script execute root commands or edit root-owned files ? - dannyman - org.freebsd.freebsd-questions

4 messages in org.freebsd.freebsd-questionsRe: How can CGI script execute root c...

From	Sent On	Attachments
chas	Apr 2, 1998 10:13 am
David Shanes	Apr 2, 1998 11:23 am
dannyman	Apr 2, 1998 11:53 am
Tim Gustafson	Apr 2, 1998 2:46 pm

Subject:	Re: How can CGI script execute root commands or edit root-owned files ?
From:	dannyman (dann...@sasquatch.dannyland.org)
Date:	Apr 2, 1998 11:53:35 am
List:	org.freebsd.freebsd-questions

On Fri, Apr 03, 1998 at 02:13:51AM +0800, chas wrote:

Since a CGI script is executed with Nobody's (the web server's) privilegies, how it can run Administrator commands like useradd ?

One suggestion I've had was running the webserver as root but this seems to be considered not a good thing by and large. I was just looking at updating user records and DNS records in such a manner.

There is a "SetUID" patch you can apply to Apache seperately which will execute CGIs under their author's ownership, assuming certain security restrictions are met.

If you want to call a suid program from your CGI, using your CGI programme as something of a security wrapper, I think that might work nicely too, though I've never tried this.

-dan

To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets