[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] owm and suid perl on qube 3
- Subject: Re: [cobalt-users] owm and suid perl on qube 3
- From: "Brian N. Smith" <support@xxxxxxxxxx>
- Date: Wed Sep 24 20:22:00 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> does the whole perl thing have to be suid, or could you do something
crufty
> like change permissions and ownership of the relevant owm bits:
>
> chmod 4711 foo.cgi
> chown root foo.cgi
>
> ??
>
> that would give it -rws--x--x for permissions... dunno how that would work
> with cgiwrap though...
Well, originally when Taco did this package, he setup a .htaccess file to
allow
OWM to be a "cgi-script" instead of "cgi-wrapper". That way it could run as
ROOT.
My understanding, and I had tested this ... is that it needs to be u+s
because
it reads the password / shadow file directly ... good and bad I know, don't
say it.
I guess instead of trying to use "/usr/bin/suidperl -T" in the file, I could
try to
make it do "/usr/bin/perl -T" ... but, will Perl SUID? I thought that was
the
whole reasoning behind SuidPERL (sperl) ?
This PKG that was used to install it was the same as the download. I can
try
to recompile the SRPM, see if that makes a difference or not. I just do not
want to bring down a production box, I would feel bad, and be busy fixing
whatever I muck up.
~Brian