[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] OFFTOPIC: Faking CGI environment

Subject: Re: [cobalt-users] OFFTOPIC: Faking CGI environment
From: "manitu" <manitu@xxxxxxxxxx>
Date: Mon Mar 13 11:07:57 2000

> I don't know, have you tried it?

No, I don't know how, but perhaps a linux guru know how to do that. I am
thinking of somewhat similar to the good ols dos command "SET" which allows
you to set a specific environment variable available within the current
session. If we would be under DOS, you could use

    SET SCRIPT_NAME=/usr/admserv...
    SET REMOTE_USER=admin
    SET ...

to fake fool the cgi so that it believes these data were produced by the cgi
gateway.

Another question. Is there a real way for a cgi to determine in what
environment (executed by telnet or by the cgi-gateway) it runs ?


> Okay...let see, a program is set as 755 and owned by root.  Therefore only
> run can run it.  Somebody is on as root on you're box, they don't need
> to run the script.

I just logged in as a simple user who as telnet access and got into the
directory (e.g. /usr/admserv/cgi-bin/.cobalt/dns) and could start the
index.cgi. No problem....


>You have root'd a cobalt this way?

Hmmm. Sorry, I am not native English speaking. What do you mean ?


Manuel

References:
- [cobalt-users] OFFTOPIC: Faking CGI environment
  - From: manitu
- Re: [cobalt-users] OFFTOPIC: Faking CGI environment
  - From: Mat Kovach

Prev by Date: RE: [cobalt-users] GUI Security (RaQ3)
Next by Date: Re: [cobalt-users] JDK/Kaffe on the RaQ2
Previous by thread: Re: [cobalt-users] OFFTOPIC: Faking CGI environment
Next by thread: Re: [cobalt-users] OFFTOPIC: Faking CGI environment

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index