Even if you make it setuid root, Bash will drop the root priviliges again as a security measure (unless you compiled Bash specifically for it).
Perl may do the exact same thing; there isn't something called suidperl for nothing.
Anyway, be *very* careful when doing something like this. At any rate, make certain your suid wrapper program checks the action it is told to perform, just in case someone manages to trick the PHP script into requesting strange things (like 'rm -rf /').
About the easiest way would be to only allow one word as argument, referring to a script in a special (hardcoded!) directory. Different task, different script. No special characters allowed in the script name. If it doesn't exist in the hardcoded directory, or has special chars: raise all kinds of alarms. |