Re: [cgiwrap-users] A beginner's question about "security checks"
From: Ali G. <gha...@gm...> - 2011-08-22 13:29:36
Now I see. Thank you.

On Mon, Aug 22, 2011 at 5:56 PM, Nathan Neulinger <nn...@ne...> wrote:

> No - the whole point is to run the scripts with individual user level
> permissions. You probably should seek some assistance from a knowledgeable
> admin for how to do it securely.
>
> For limited admin functionality, you most likely will want to use sudo with
> a NOPASSWD entry for the SPECIFIC commands that you want to use from the cgi
> script, but even with that you need to be very careful with how you do it or
> you're going to open up security holes.
>
> -- Nathan
>
> On 08/22/2011 08:23 AM, Ali Ghanavatian wrote:
>
>> All right, correct me if I'm wrong: I can't run a perl/script which
>> executes "/sbin/*" stuff like "/sbin/iptables" using
>> this wrapper, unless I change the owner of all "cgi-bin/*" scripts to
>> "root".
>>
>> On Mon, Aug 22, 2011 at 5:47 PM, Nathan Neulinger <nn...@ne...> wrote:
>>
>>     Mainly stuff like whether the script is setuid, or has improper
>>     permissions (i.e. 777) or isn't owned by the same
>>     user as the account it would be running as.
>>
>>     -- Nathan
>>
>>     On 08/19/2011 08:55 PM, Ali Ghanavatian wrote:
>>
>>         Hello world!
>>         I just found cgiwrapper, I was reading this page. At the end of
>>         first paragraph it says "...In addition, several
>>         security checks are performed on the script, which will not be
>>         executed if any checks fail. "
>>
>>         I couldn't find anything about those "security checks". I'd
>>         appreciate it if you guys help me with a link or
>>         any details.
>
> --
> ------------------------------------------------------------
> Nathan Neulinger                       nn...@ne...
> Neulinger Consulting                   (573) 612-1412

--
Sincerely
A. Ghanavatian <http://www.google.com/profiles/ghanavatian.ali>
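
The checks named in the reply quoted above (setuid bit, improper permissions such as 777, owner different from the account the script runs as), written out as an added example that is not part of the original messages and is not cgiwrap's own code. The flag names, the regular-file check, and the reading of "improper permissions" as group- or world-writable are assumptions.

```c
/* Added example, not cgiwrap's source. The check set follows the reply in
 * this thread; the flag names and the reading of "improper permissions" as
 * group- or world-writable are assumptions. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum {
    CHK_STAT_FAILED = 1 << 0,  /* could not stat the path */
    CHK_NOT_REGULAR = 1 << 1,  /* symlink, directory, device, ... */
    CHK_SETUID      = 1 << 2,  /* script carries the setuid bit */
    CHK_WRITABLE    = 1 << 3,  /* group- or world-writable, e.g. 777 */
    CHK_WRONG_OWNER = 1 << 4   /* owner is not the account it runs as */
};

/* Pure check on stat data; returns 0 when every check passes. */
int check_stat(const struct stat *st, uid_t run_as)
{
    int fail = 0;
    if (!S_ISREG(st->st_mode))             fail |= CHK_NOT_REGULAR;
    if (st->st_mode & S_ISUID)             fail |= CHK_SETUID;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) fail |= CHK_WRITABLE;
    if (st->st_uid != run_as)              fail |= CHK_WRONG_OWNER;
    return fail;
}

/* lstat() so a symlink is reported as non-regular rather than followed. */
int check_script(const char *path, uid_t run_as)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return CHK_STAT_FAILED;
    return check_stat(&st, run_as);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <script>\n", argv[0]);
        return 2;
    }
    /* Check against the invoking user; a wrapper would use the target account. */
    int fail = check_script(argv[1], getuid());
    printf("%s: %s (flags 0x%x)\n", argv[1], fail ? "refuse" : "ok", (unsigned)fail);
    return fail ? 1 : 0;
}
```

Checking a path and then executing it leaves a window in which the file can change, so a wrapper also has to keep that gap closed; this sketch covers only the checks themselves.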