> Hi *,
> I have apache 1.3.20 up and running. The problem I have is
> the following:
> Each cgi-script should be executed with the UID/GID of the
> script-owner, no matter where it resides, as some of my
> scripts are outside the standard cgi-bin directory.
> I have tried different things: suexec, mod_become (from the
> apache module registry), different cgi-wrappers (cgiwrap, sbox), but
> they did not satisfy me. Either they apply to VirtualHost or
> to ~user, but this is not what I need.
> Does anybody know how this can be reached? Has anybody a wrapper
> running doing the trick? Or has anybody written an apache module
> for this purpose?
Any binary can be suid. But that is usually ignored for scripts, except
if you use suidperl instead of perl in the shebang line, suid is suid
root, and the script passes taint checking (perl -T) per perldoc perlsec.
Note that the suid bit is cleared whenever the script is modified, so suid
bit needs to be reset after any script updates.
The old perl4 "Learning perl" O'Reilly book used to have a perl script to
generate an suid C wrapper for scripts, but that is not in the "Learning
Perl" Perl5 boot.
David Efflandt - All spam is ignored - http://www.de-srv.com/