Re: [cgiwrap-users] A begginer's question about "security checks"
From: Nathan N. <nn...@ne...> - 2011-08-22 13:26:58
No - the whole point is to run the scripts with individual user level permissions.

You probably should seek some assistance from a knowledgeable admin for how to do it securely. For limited admin functionality, you most likely will want to use sudo with a NOPASSWD entry for the SPECIFIC commands that you want to use from the cgi script, but even with that you need to be very careful with how you do it or you're going to open up security holes.

-- Nathan

On 08/22/2011 08:23 AM, Ali Ghanavatian wrote:
> All right, correct me if I'm wrong: I can't run a perl/script which executes "/sbin/*" stuff like "/sbin/iptables" using
> this wrapper, unless I change the owner of all "cgi-bin/*" scripts to "root".
>
> On Mon, Aug 22, 2011 at 5:47 PM, Nathan Neulinger <nn...@ne...> wrote:
>
> > Mainly stuff like whether the script is setuid, or has improper permissions (i.e. 777) or isn't owned by the same
> > user as the account it would be running as.
> >
> > -- Nathan
> >
> > On 08/19/2011 08:55 PM, Ali Ghanavatian wrote:
> >
> > > Hello world!
> > > I just found cgiwrapper, I was reading this page. At the end of the first paragraph it says "...In addition, several
> > > security checks are performed on the script, which will not be executed if any checks fail."
> > >
> > > I couldn't find anything about those "security checks". I'd appreciate it if you guys help me with a link or
> > > any details.
> > >
> > > --
> > > Sincerely
> > > A. Ghanavatian <http://www.google.com/profiles/ghanavatian.ali>
>
> --
> Sincerely
> A. Ghanavatian <http://www.google.com/profiles/ghanavatian.ali>

--
------------------------------------------------------------
Nathan Neulinger nn...@ne...
Neulinger Consulting (573) 612-1412
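The three checks named in the reply above (setuid bit, permissions such as 777, owner differing from the account the script would run as), written out as an added C example; it is not part of the original thread and is not cgiwrap's own code. The function and flag names are hypothetical, and treating group-write as improper and refusing non-regular files are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Failure flags. Names are hypothetical, not taken from cgiwrap. */
enum {
    CHK_NOT_REGULAR = 1 << 0, /* assumption: symlinks/dirs/devices refused */
    CHK_SETUID      = 1 << 1, /* script carries the setuid bit */
    CHK_WRITABLE    = 1 << 2, /* group- or world-writable, e.g. 777 */
    CHK_WRONG_OWNER = 1 << 3  /* owner is not the account it would run as */
};

/* Pure policy check on a file's mode and owner; returns 0 when all pass. */
unsigned check_mode_owner(mode_t mode, uid_t owner, uid_t account_uid)
{
    unsigned fail = 0;
    if (!S_ISREG(mode))             fail |= CHK_NOT_REGULAR;
    if (mode & S_ISUID)             fail |= CHK_SETUID;
    if (mode & (S_IWGRP | S_IWOTH)) fail |= CHK_WRITABLE;
    if (owner != account_uid)       fail |= CHK_WRONG_OWNER;
    return fail;
}

/* lstat() the path, so a symlink is judged itself and not its target. */
int check_script_path(const char *path, uid_t account_uid, unsigned *fail)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    *fail = check_mode_owner(st.st_mode, st.st_uid, account_uid);
    return 0;
}

int main(int argc, char **argv)
{
    unsigned fail;
    if (argc != 3) {
        fprintf(stderr, "usage: %s SCRIPT ACCOUNT_UID\n", argv[0]);
        return 2;
    }
    if (check_script_path(argv[1], (uid_t)strtoul(argv[2], NULL, 10), &fail) != 0) {
        perror(argv[1]);
        return 2;
    }
    printf("%s: %s (flags 0x%x)\n", argv[1], fail ? "refuse" : "ok", fail);
    return fail ? 1 : 0;
}
```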