[ale] Please Help

Ken Nagorski kenn at pcintelligent.com
Thu Mar 28 15:35:19 EST 2002 

It really has nothing to do with php, php calls a compiled C program that is
4755, the C program does on thing, as a matter of fact this is the code

int main(void)
{
    system("/usr/local/sbin/changewriter.pl");
}

The Change writer program checks the data to make sure it is not bogus (even
thought I do this in the PHP script) and then runs
"/usr/lib/courier/sbin/makealiases" But it just doesn't work, I can't
understand it for the life of me...

Thanks
ken

> if php is compiled as an apache module, you're outta luck afaik.....
> there's  nothing to chmod +s, and suexec doesn't work on mod_php (?
> never tried  myself, but that's what I've heard).
>
> if you've compiled it as a standalone executable, you can always chmod
> +s  /usr/local/bin/php, but then all your scripts run as that uid,
> which is  typically not good. (anyone know if apache will even accept
> an interpreter  that has the +s bit?)
>
> Suexec with standalone php is probably the best option.  That will
> allow you  to designate a certain directory or virtualhost as setuid,
> while leaving all  other php scripts alone.
>
> http://httpd.apache.org/docs/suexec.html
> http://www.php.net/manual/en/security.cgi-bin.php
>
> Tyler
>
> Ken Nagorski:
>> Please tell me someone knows how to do this. Here is the problem.
>>
>> I need to a script SUID form a website. It is a PHP script that calls
>> a wrapper program written in C and it is set 4755, The script is calls
>> just runs a system command, actually a courier command, the makealises
>> command. But I can't get this to work for the life of me. I know that
>> someone has had of written the script that simplifies system mamagment
>> and then needed to run a system command when it is finished but HOW?
>>
>> Uhg - Thanks
>> Ken
>>
>>
>>
>>
>> ---
>> This message has been sent through the ALE general discussion list.
>> See http://www.ale.org/mailing-lists.shtml for more info. Problems
>> should be sent to listmaster at ale dot org.
>
> ---
> This message has been sent through the ALE general discussion list. See
> http://www.ale.org/mailing-lists.shtml for more info. Problems should
> be  sent to listmaster at ale dot org.




---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list