The Daily Static

php query (ies?) by waveydavey 2007-07-10 02:32:16
  Won't work with (Bash) shellscript by ttlogic 2007-07-10 02:44:18
Even if you make it setuid root, Bash will drop the root privileges again as a security measure (unless you compiled Bash specifically for it).

Perl may do the exact same thing; there isn't something called suidperl for nothing.

Anyway, be *very* careful when doing something like this. At any rate, make certain your suid wrapper program checks the action it is told to perform, just in case someone manages to trick the PHP script into requesting strange things (like 'rm -rf /').

About the easiest way would be to only allow one word as argument, referring to a script in a special (hardcoded!) directory. Different task, different script. No special characters allowed in the script name. If it doesn't exist in the hardcoded directory, or has special chars: raise all kinds of alarms.
[ Reply ]
    Security ... by waveydavey 2007-07-10 03:10:48
    That's the kernel, not bash; it applies to any int by bwkaz 2007-07-10 04:06:57
      Makes sense by ttlogic 2007-07-10 04:15:08
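
The wrapper design described in ttlogic's comment above (one word, hardcoded directory, no special characters, alarm on anything else), sketched as an added example that is not part of the original thread. The directory `/usr/local/lib/webtasks`, the syslog tag `taskwrap` and the name rule of 1 to 32 characters from `[a-z0-9_]` are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <sys/stat.h>
#include <unistd.h>

#define TASK_DIR "/usr/local/lib/webtasks"   /* hypothetical, root-owned dir */

/* Allowlist: 1-32 chars of [a-z0-9_]. Rejects '/', '.', spaces, shell
 * metacharacters and the empty string. Returns 1 if acceptable. */
int task_name_ok(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 32)
        return 0;
    return strspn(name, "abcdefghijklmnopqrstuvwxyz0123456789_") == len;
}

/* Build TASK_DIR/name into out. Returns 0 on success, -1 if the name is
 * rejected, the path does not fit, or the target is not a regular
 * root-owned file that group/other cannot write. */
int resolve_task(const char *name, char *out, size_t outlen)
{
    struct stat st;
    if (!task_name_ok(name) ||
        (size_t)snprintf(out, outlen, "%s/%s", TASK_DIR, name) >= outlen)
        return -1;
    if (lstat(out, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    char path[256];
    char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

    openlog("taskwrap", LOG_PID, LOG_AUTHPRIV);
    if (argc != 2 || resolve_task(argv[1], path, sizeof path) != 0) {
        /* "Raise alarms": log the caller's uid, never the raw argument. */
        syslog(LOG_ALERT, "rejected request from uid %d", (int)getuid());
        return 1;
    }
    /* Make the real uid match the effective uid; otherwise Bash drops
     * the privileges again, as the comment above notes. */
    if (setuid(geteuid()) != 0)
        return 1;
    char *const args[] = { path, NULL };
    execve(path, args, clean_env);   /* no shell, fixed environment */
    return 1;                        /* reached only if execve failed */
}
```

The argument is never passed to a shell and the environment is replaced, so the only input the caller controls is which allowlisted task name is selected.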

All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.