executing /sbin/ifconfig from a /cgi-bin script

executing /sbin/ifconfig from a /cgi-bin script

Post by Joac » Mon, 10 Mar 2003 13:05:57



I need to have a web page dispatch an
'/sbin/ifconfig eth0 host' command from
an embedded keyboard-less Linux.

I have tried a bash cgi script that
calls a suidperl script in /root or /
to execute the ifconfig from within
a perl function
  system "$program $args";

and/or
an
  open(MAIL, "| /bin/mail $mail_to");
  print MAIL "hello:
  close MAIL;
where $mail_to has been set to:

now, this works from a root login, but not from Apache.

Any clues?
Thanks in advance
TonyB

 
 
 

executing /sbin/ifconfig from a /cgi-bin script

Post by Akop Pogosia » Mon, 10 Mar 2003 14:34:53



> I need to have a web page dispatch an
> '/sbin/ifconfig eth0 host' command from
> an embedded keyboard-less Linux.
> I have tried a bash cgi script that
> calls a suidperl script in /root or /
> to execute the ifconfig from within
> a perl function
>   system "$program $args";
> and/or
> an
>   open(MAIL, "| /bin/mail $mail_to");
>   print MAIL "hello:
>   close MAIL;
> where $mail_to has been set to:

> now, this works from a root login, but not from Apache.

What king of error to do see when loading that page?
What errors do you see in the apache log files, specially error_log?

--
Akop Pogosian

This space has been accidentally left blank.

 
 
 

executing /sbin/ifconfig from a /cgi-bin script

Post by Joac » Mon, 10 Mar 2003 16:17:51


On Sun, 9 Mar 2003 05:34:53 +0000 (UTC)


> What king of error to do see when loading that page?
> What errors do you see in the apache log files, specially error_log?

I have changed things around, see below:
wrap.cgi (owned by httpd:httpd with mode 7711)
the others are (owned by httpd:httpd with mode 700)

http_errs
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied

C WRAPPER
#include <stdlib.h>
int main() {
        execl("/var/spool/pages/cgi-bin/iwconfig.cgi");
        return 1;

Quote:}

IWCONFIG.CGI
#!/bin/sh
#

ARGS="eth0 192.168.1.10"
echo -e "Content-Type: text/html\n\n"
echo "<HTML><HEAD><TITLE>iwconfig</TITLE>"
echo "</HEAD>"
echo "<BODY BGCOLOR="#f0f0f0">"
echo "<FONT FACE="Helvetica,Arial" SIZE=3> IWCONFIG $ARGS"
/sbin/ifconfig $ARGS
$DOCUMENT_ROOT/cgi-bin/iwconfig.pl "$ARGS"
echo "</BODY>"
echo "</HTML>"

IWCONFIG.PL
#!/usr/bin/perl -w
#
#print "Content-Type: text/html\n\n";

use Cwd;
use File::Copy ();
use File::Find ();
use File::Path ();
use File::Remote ();
use FileHandle ();
use File::Spec ();
use Shell;

$args=shift;
print "PERL1 $args\n\n";
$program="/sbin/ifconfig";

system "$program $args";
$exit_code = $? >> 8;
print "RET1=";
print $exit_code;
print "\n\n";

TonyB

 
 
 

executing /sbin/ifconfig from a /cgi-bin script

Post by Harve » Mon, 10 Mar 2003 22:57:17



>I need to have a web page dispatch an
>'/sbin/ifconfig eth0 host' command from
>an embedded keyboard-less Linux.

>I have tried a bash cgi script that
>calls a suidperl script in /root or /
>to execute the ifconfig from within
>a perl function
>  system "$program $args";

Apache generally runs as the 'www' or 'nobody' user. Do not run it as
root. (It won't let you run it as root unless you set some
compile-time options, I think.)

To the best of my knowledge, the suid bit is ignored on scripts, which
is probably what is causing the problem.

I have an administration page that performs some similar functions,
and I use the program 'sudo' to obtain access.

My page uses php to call sudo in a simple system("sudo ifconfig..."
manner - you should be able to do the same in perl. You will have to
install sudo and put a representative entry in the sudoers file if you
don't have it already set up - be sure to config that so it only lets
you execute the commands you really need to execute, or you've just
created a security mess.

This should help.

H

 
 
 

1. /cgi-bin/phf /cgi-bin/test-cgi /cgi-bin/handler

I've been seeing a number of attacks of this sort recently
from various sites in the http logs.  The time correlation
between the logs on various hosts suggests that the attacker
was scanning sequentially upward in IP addresses.  Since all
tcp and udp packets to ports below 1024 except for http,
smtp, and ident are filtered out for most, including the
attacking, sites, I'm not seeing anything else in the logs.

209.61.73.47 - - [04/Jul/1998:07:19:27 -0500] "GET /cgi-bin/phf" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/test-cgi" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/handler" 404 -

Is this a signature of some known attackware?  If so, what
other attacks accompany these http probes?

--

2. JDBC problem: SQLException Error en Connect No suitable driver

3. scohttp80 will not execute scripts in cgi-bin -Reply

4. Check this out! small TCP/IP platform with HTTP, FTP and telnet server.

5. scohttp80 will not execute scripts in cgi-bin

6. Question on Build.

7. Cannot execute cgi-bin scripts on Solaris

8. Are You Sun Certified Solaris Administrator?

9. cgi-bin/view-source?cgi-bin/view-source

10. Execute cgi outside of cgi-bin

11. Cannot execute CGI programs in /cgi-bin with Apache

12. /usr/bin, /usr/local/bin, /sbin or /opt/bin, /var/opt/bin - I'm confused.

13. apache: give /home/mailman/cgi-bin permissions to run cgi-scripts.