CGI-Execution with UID/GID of script-owner

Post by Alex Kuehn » Thu, 06 Sep 2001 15:47:09



Hi *,

I have apache 1.3.20 up and running. The problem I have is
the following:

Each cgi-script should be executed with the UID/GID of the
script-owner, no matter where it resides, as some of my
scripts are outside the standard cgi-bin directory.

I have tried different things: suexec, mod_become (from the
apache module registry), different cgi-wrappers (cgiwrap, sbox), but
they did not satisfy me. Either they apply to VirtualHost or
to ~user, but this is not what I need.

Does anybody know how this can be reached? Has anybody a wrapper
running doing the trick? Or has anybody written an apache module
for this purpose?

Best regards,
Alex Kuehne

 
 
 


Post by David Efflan » Fri, 07 Sep 2001 11:15:51



> Hi *,

> I have apache 1.3.20 up and running. The problem I have is
> the following:

> Each cgi-script should be executed with the UID/GID of the
> script-owner, no matter where it resides, as some of my
> scripts are outside the standard cgi-bin directory.

> I have tried different things: suexec, mod_become (from the
> apache module registry), different cgi-wrappers (cgiwrap, sbox), but
> they did not satisfy me. Either they apply to VirtualHost or
> to ~user, but this is not what I need.

> Does anybody know how this can be reached? Has anybody a wrapper
> running doing the trick? Or has anybody written an apache module
> for this purpose?

Any binary can be suid.  But that is usually ignored for scripts, except
if you use suidperl instead of perl in the shebang line, suid is suid
root, and the script passes taint checking (perl -T) per perldoc perlsec.

Note that the suid bit is cleared whenever the script is modified, so suid
bit needs to be reset after any script updates.

The old perl4 "Learning perl" O'Reilly book used to have a perl script to
generate an suid C wrapper for scripts, but that is not in the "Learning
Perl" Perl5 book.

--
David Efflandt - All spam is ignored - http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/
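
The suid C wrapper idea mentioned in the reply above, as an added example that is not part of the original thread or written by either poster: the core of a wrapper that checks a script's ownership and mode, then switches permanently to the owner's UID/GID before executing it. It assumes the binary is installed setuid root and that the script's directory is writable only by the script owner (otherwise the check-then-exec sequence is racy); the MIN_UID/MIN_GID cutoffs are illustrative values.

```c
#define _DEFAULT_SOURCE 1
#include <sys/types.h>
#include <sys/stat.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

#define MIN_UID 100 /* assumed cutoff: lower ids are treated as system accounts */
#define MIN_GID 100

/* Policy check on lstat() results: 0 = may run as its owner,
   nonzero = reason code for refusal. */
int script_policy(const struct stat *st)
{
    if (!S_ISREG(st->st_mode))                        return 1; /* symlink, dir, device */
    if (st->st_uid < MIN_UID || st->st_gid < MIN_GID) return 2; /* root or system owner */
    if (st->st_mode & (S_IWGRP | S_IWOTH))            return 3; /* editable by non-owner */
    if (st->st_mode & (S_ISUID | S_ISGID))            return 4; /* setuid/setgid script */
    if (!(st->st_mode & S_IXUSR))                     return 5; /* owner cannot execute */
    return 0;
}

/* Permanently become uid/gid. Order matters: supplementary groups and
   gid must be changed while still root, uid goes last. */
int become_owner(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0)        return -1;
    if (setuid(uid) != 0)        return -1;
    if (setuid(0) == 0)          return -1; /* root must not be recoverable */
    return 0;
}

int main(int argc, char **argv)
{
    struct stat st;
    if (argc < 2) return 2;
    /* lstat, not stat: a symlink then fails the S_ISREG test instead of being followed. */
    if (lstat(argv[1], &st) != 0) { perror("lstat"); return 1; }
    int why = script_policy(&st);
    if (why) { fprintf(stderr, "refused (reason %d)\n", why); return 1; }
    if (become_owner(st.st_uid, st.st_gid) != 0) { perror("become_owner"); return 1; }
    execv(argv[1], argv + 1); /* script path is argv[0] for the script */
    perror("execv");
    return 1;
}
```

A production wrapper such as suexec additionally restricts which user may invoke it and sanitizes the environment before the exec; those steps are left out here.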

 
 
 

1. Only numbers in uid-owner and gid-owner fields when listing directory

Hi,

I currently have the following strange situation on two Solaris 8 servers
(SPARC with patch cluster of May installed). When I add a useraccount with a
command like "# /usr/sbin/useradd -u 999 -g 10 -d /export/home/test -s
/bin/ksh -m test", change the password of this useraccount with "# passwd
test" and then login with this account I only see the uid and gid numbers in
the corresponding fields when listing a directory with "ls -sla".

$ pwd
/export/home/test
$ ls -sla
total 18
   2 drwxr-xr-x   2 999      10           512 Jun 11 06:30 .
   2 drwxr-xr-x   3 0        0            512 Jun 11 06:29 ..
   2 -rw-r--r--   1 999      10           144 Jun 11 06:29 .profile
   2 -rw-------   1 999      10           364 Jun 11 07:17 .sh_history
   2 -rw-r--r--   1 999      10           141 Jun 11 06:29 local.cshrc
   2 -rw-r--r--   1 999      10           124 Jun 11 06:29 local.cshrc.ship
   2 -rw-r--r--   1 999      10           607 Jun 11 06:29 local.login
   2 -rw-r--r--   1 999      10           569 Jun 11 06:29 local.profile
   2 -rw-r--r--   1 999      10           582 Jun 11 06:29 local.profile.ship

Anyone any idea what the problem is here?

Also the program "id" does not show the full output :

$ id
uid=999 gid=10

When doing the above as user root all the information is provided correctly.

I have searched google but couldn't find anything.

MTIA.

Lars.
