|
osdir.com mailing list archive |
|
Subject: RE: apache mod_perl + suid question - msg#00197List: apache.mod-perlI have something very similar to what you mention below..only that I am taking the username and passwd from the apache gui. Then I encrypt the passwd and send that to wrapper(i.e. suid_file) script. So I have something like system($wrapper), where $wrapper = suid_file.pl "encrupted passwd" "username". I changed the suid_file to 4750 and have the ownership and group as root,root. I am also runing Apache as root. I don't have httpd as a user or group. Do I need to ? Also do I need to use the ystem command, can't I just do $ret = `$wrapper` ? thanks. -Tushar -----Original Message----- From: Vitor [mailto:vsmori@xxxxxxxxxx] Sent: Friday, July 26, 2002 7:04 PM To: pandit_tushar@xxxxxxx; modperl@xxxxxxxxxxxxxxx Subject: RES: apache mod_perl + suid question Hello Tushar, Try this : $suid_file = "file_path/suidfile.pl"; $user = "nobody"; $passwd = "kdsak"; (system($suid_file,$user,$$passwd)) or die "Error in suid operation $! "; Note that suid_file need the following commands : - chmod 4750 - chown root:httpd Regards, Vitor -----Mensagem original----- De: pandit_tushar@xxxxxxx [mailto:pandit_tushar@xxxxxxx] Enviada em: sexta-feira, 26 de julho de 2002 19:41 Para: modperl@xxxxxxxxxxxxxxx Assunto: apache mod_perl + suid question Hello, I am trying to write a password changing program. For this I have a mod_perl subroutine from where I am trying to execute a perl script(with suid permissions 4711), which is a wrapper and in turn calls the usermod command on linux with the old and new passwords. The problem I am having: 1: The usermod command doesn't get executed. I have tried debugging this...by having a log file(/usr/local/apache/logs) and the mod_perl process does open the wrapper script..but then does nothing. It does not execute the command. What am I doing wrong ? I know there might be some quirks with suid permissons and I would like to know how can I overcome this. I have something like below from mod_perl subroutine: my $ret_val = `$wrapper`; Within the wrapper perl script, I call usermond with the passwds by doing: $ret = `$usermondcmd 2>&1` Any help would be much appreciated. thanks a lot. -Tushar Thread at a glance:
Previous Message by Date: click to view message previewPerlAccessHandlerFolks, My PerlAccessHandler is being executed twice per each request. Is this a normal behavior for an access handler? Here is my .conf entry <Location /myHandler> SetHandler perl-script # run is a wrapper for my handler # all common methods which many of my handlers # use are stored in the super class of myHandler # in which run is a part of. # Also wraps myHandler in a try {} catch { ... # block. PerlHandler myHandler->run PerlAccessHandler myAccess . . . </Location> The access handler's job is to check for cookies and last login time. There are no fancy codes there... However, on every request, the handler is invoked twice. Can someone make a suggestion as to why this is happening? Thanks in advance -r Next Message by Date: click to view message previewRE: apache mod_perl + suid questionAhhh...forgot to mention...but the below approach did't work :-( It does not even go into the wrapper script when I use the system command. thanks. -----Original Message----- From: pandit_tushar@xxxxxxx [mailto:pandit_tushar@xxxxxxx] Sent: Friday, July 26, 2002 7:13 PM To: vsmori@xxxxxxxxxx; modperl@xxxxxxxxxxxxxxx Subject: RE: apache mod_perl + suid question Thanks Vitor... I have something very similar to what you mention below..only that I am taking the username and passwd from the apache gui. Then I encrypt the passwd and send that to wrapper(i.e. suid_file) script. So I have something like system($wrapper), where $wrapper = suid_file.pl "encrupted passwd" "username". I changed the suid_file to 4750 and have the ownership and group as root,root. I am also runing Apache as root. I don't have httpd as a user or group. Do I need to ? Also do I need to use the ystem command, can't I just do $ret = `$wrapper` ? thanks. -Tushar -----Original Message----- From: Vitor [mailto:vsmori@xxxxxxxxxx] Sent: Friday, July 26, 2002 7:04 PM To: pandit_tushar@xxxxxxx; modperl@xxxxxxxxxxxxxxx Subject: RES: apache mod_perl + suid question Hello Tushar, Try this : $suid_file = "file_path/suidfile.pl"; $user = "nobody"; $passwd = "kdsak"; (system($suid_file,$user,$$passwd)) or die "Error in suid operation $! "; Note that suid_file need the following commands : - chmod 4750 - chown root:httpd Regards, Vitor -----Mensagem original----- De: pandit_tushar@xxxxxxx [mailto:pandit_tushar@xxxxxxx] Enviada em: sexta-feira, 26 de julho de 2002 19:41 Para: modperl@xxxxxxxxxxxxxxx Assunto: apache mod_perl + suid question Hello, I am trying to write a password changing program. For this I have a mod_perl subroutine from where I am trying to execute a perl script(with suid permissions 4711), which is a wrapper and in turn calls the usermod command on linux with the old and new passwords. The problem I am having: 1: The usermod command doesn't get executed. I have tried debugging this...by having a log file(/usr/local/apache/logs) and the mod_perl process does open the wrapper script..but then does nothing. It does not execute the command. What am I doing wrong ? I know there might be some quirks with suid permissons and I would like to know how can I overcome this. I have something like below from mod_perl subroutine: my $ret_val = `$wrapper`; Within the wrapper perl script, I call usermond with the passwds by doing: $ret = `$usermondcmd 2>&1` Any help would be much appreciated. thanks a lot. -Tushar Previous Message by Thread: click to view message previewRE: apache mod_perl + suid questionYes, I am running it as /usr/sbin/usermod. I can run my wrapper with a simple perl script written on linux. The problem appears when I try to run it through the apache mod_perl. thanks. -Tushar -----Original Message----- From: Philip Mak [mailto:pmak@xxxxxxxxxxxxxx] Sent: Friday, July 26, 2002 6:50 PM To: pandit_tushar@xxxxxxx Cc: modperl@xxxxxxxxxxxxxxx Subject: Re: apache mod_perl + suid question On Fri, Jul 26, 2002 at 06:40:31PM -0400, pandit_tushar@xxxxxxx wrote: > 1: The usermod command doesn't get executed. I have tried debugging > this...by having a log file(/usr/local/apache/logs) and the mod_perl > process does open the wrapper script..but then does nothing. It does > not execute the command. What am I doing wrong ? Try '/usr/sbin/usermod' instead of 'usermod'. It may be a path issue. Also, 'usermod' might have to be run interactively (rather than reading from standard input), so you may have to create a virtual terminal in order to interface with usermod. (I might be wrong on this, and I can't elaborate further.) Next Message by Thread: click to view message previewRES: apache mod_perl + suid questionTushar, It's not recommeded to run apache as root. (Security issues). I have some applications that uses system command under mod_perl without problems. Try to execute you wrapper script in command line. Execute it with /usr/bin/perl -T (tainted mode), that checks if your script is safe. If you got error results, you will know why it's not working. $ret = `$wrapper` , also should work in you configuration (running apache as root). Regards, Vitor -----Mensagem original----- De: pandit_tushar@xxxxxxx [mailto:pandit_tushar@xxxxxxx] Enviada em: sexta-feira, 26 de julho de 2002 20:13 Para: vsmori@xxxxxxxxxx; modperl@xxxxxxxxxxxxxxx Assunto: RE: apache mod_perl + suid question Thanks Vitor... I have something very similar to what you mention below..only that I am taking the username and passwd from the apache gui. Then I encrypt the passwd and send that to wrapper(i.e. suid_file) script. So I have something like system($wrapper), where $wrapper = suid_file.pl "encrupted passwd" "username". I changed the suid_file to 4750 and have the ownership and group as root,root. I am also runing Apache as root. I don't have httpd as a user or group. Do I need to ? Also do I need to use the ystem command, can't I just do $ret = `$wrapper` ? thanks. -Tushar -----Original Message----- From: Vitor [mailto:vsmori@xxxxxxxxxx] Sent: Friday, July 26, 2002 7:04 PM To: pandit_tushar@xxxxxxx; modperl@xxxxxxxxxxxxxxx Subject: RES: apache mod_perl + suid question Hello Tushar, Try this : $suid_file = "file_path/suidfile.pl"; $user = "nobody"; $passwd = "kdsak"; (system($suid_file,$user,$$passwd)) or die "Error in suid operation $! "; Note that suid_file need the following commands : - chmod 4750 - chown root:httpd Regards, Vitor -----Mensagem original----- De: pandit_tushar@xxxxxxx [mailto:pandit_tushar@xxxxxxx] Enviada em: sexta-feira, 26 de julho de 2002 19:41 Para: modperl@xxxxxxxxxxxxxxx Assunto: apache mod_perl + suid question Hello, I am trying to write a password changing program. For this I have a mod_perl subroutine from where I am trying to execute a perl script(with suid permissions 4711), which is a wrapper and in turn calls the usermod command on linux with the old and new passwords. The problem I am having: 1: The usermod command doesn't get executed. I have tried debugging this...by having a log file(/usr/local/apache/logs) and the mod_perl process does open the wrapper script..but then does nothing. It does not execute the command. What am I doing wrong ? I know there might be some quirks with suid permissons and I would like to know how can I overcome this. I have something like below from mod_perl subroutine: my $ret_val = `$wrapper`; Within the wrapper perl script, I call usermond with the passwds by doing: $ret = `$usermondcmd 2>&1` Any help would be much appreciated. thanks a lot. -Tushar Loading Comments...
|
|
