[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Please Help



try "su -s /bin/sh -c /path/to/c/program nobody" (or replace nobody with your 
apache user) and see if you get any helpful error messages....

Tyler

Ken Nagorski:
> It really has nothing to do with php, php calls a compiled C program that
> is 4755, the C program does on thing, as a matter of fact this is the code
>
> int main(void)
> {
>     system("/usr/local/sbin/changewriter.pl");
> }
>
> The Change writer program checks the data to make sure it is not bogus
> (even thought I do this in the PHP script) and then runs
> "/usr/lib/courier/sbin/makealiases" But it just doesn't work, I can't
> understand it for the life of me...
>
> Thanks
> ken
>
> > if php is compiled as an apache module, you're outta luck afaik.....
> > there's  nothing to chmod +s, and suexec doesn't work on mod_php (?
> > never tried  myself, but that's what I've heard).
> >
> > if you've compiled it as a standalone executable, you can always chmod
> > +s  /usr/local/bin/php, but then all your scripts run as that uid,
> > which is  typically not good. (anyone know if apache will even accept
> > an interpreter  that has the +s bit?)
> >
> > Suexec with standalone php is probably the best option.  That will
> > allow you  to designate a certain directory or virtualhost as setuid,
> > while leaving all  other php scripts alone.
> >
> > http://httpd.apache.org/docs/suexec.html
> > http://www.php.net/manual/en/security.cgi-bin.php
> >
> > Tyler
> >
> > Ken Nagorski:
> >> Please tell me someone knows how to do this. Here is the problem.
> >>
> >> I need to a script SUID form a website. It is a PHP script that calls
> >> a wrapper program written in C and it is set 4755, The script is calls
> >> just runs a system command, actually a courier command, the makealises
> >> command. But I can't get this to work for the life of me. I know that
> >> someone has had of written the script that simplifies system mamagment
> >> and then needed to run a system command when it is finished but HOW?
> >>
> >> Uhg - Thanks
> >> Ken
> >>
> >>
> >>
> >>
> >> ---
> >> This message has been sent through the ALE general discussion list.
> >> See http://www.ale.org/mailing-lists.shtml for more info. Problems
> >> should be sent to listmaster at ale dot org.
> >
> > ---
> > This message has been sent through the ALE general discussion list. See
> > http://www.ale.org/mailing-lists.shtml for more info. Problems should
> > be  sent to listmaster at ale dot org.
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should
> be sent to listmaster at ale dot org.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.