[ale] Please Help
Tyler Kiley
tyler at kianta.com
Thu Mar 28 16:53:26 EST 2002
Actually, I'm pretty sure php chmod() doesn't (didn't?) set suid or sticky
bits. But that's kinda getting sidetracked.....
I'd guess Ken's problem is in the c program:
int main(void)
{
  system("/usr/local/sbin/changewriter.pl");
}
according to the 'system' manpage in rh 7.2, bash drops suid priveliges when
it is run. Now... I'm still fairly new to linux, so correct me if I'm wrong,
but wouldn't that mean that the setuid bit on the c program is essentially
useless?
Tyler
Jim Philips:
> Well, there is a function called chmod() that will do anything a UNIX
> chmod will do. See shell_exec() and system() functions for executing
> other shell functions within PHP.
>
> On Thu, 2002-03-28 at 15:36, Tyler Kiley wrote:
> > if php is compiled as an apache module, you're outta luck afaik.....
> > there's nothing to chmod +s, and suexec doesn't work on mod_php (? never
> > tried myself, but that's what I've heard).
> >
> > if you've compiled it as a standalone executable, you can always chmod +s
> > /usr/local/bin/php, but then all your scripts run as that uid, which is
> > typically not good. (anyone know if apache will even accept an
> > interpreter that has the +s bit?)
> >
> > Suexec with standalone php is probably the best option. That will allow
> > you to designate a certain directory or virtualhost as setuid, while
> > leaving all other php scripts alone.
> >
> > http://httpd.apache.org/docs/suexec.html
> > http://www.php.net/manual/en/security.cgi-bin.php
> >
> > Tyler
> >
> > Ken Nagorski:
> > > Please tell me someone knows how to do this. Here is the problem.
> > >
> > > I need to a script SUID form a website. It is a PHP script that calls a
> > > wrapper program written in C and it is set 4755, The script is calls
> > > just runs a system command, actually a courier command, the makealises
> > > command. But I can't get this to work for the life of me. I know that
> > > someone has had of written the script that simplifies system mamagment
> > > and then needed to run a system command when it is finished but HOW?
> > >
> > > Uhg - Thanks
> > > Ken
> > >
> > >
> > >
> > >
> > > ---
> > > This message has been sent through the ALE general discussion list.
> > > See http://www.ale.org/mailing-lists.shtml for more info. Problems
> > > should be sent to listmaster at ale dot org.
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should
> > be sent to listmaster at ale dot org.
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should
> be sent to listmaster at ale dot org.
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list