Thanks Peter,

I was thinking about it too ... changing the content of the interface configuration (in
/etc/sysconfig/...), then, by using a cron job, making the change happen. But still, how
often must I run the cron? I was thinking like every 10 seconds? Hmm, not a good idea,
because this process will not happen too often (why would someone keep changing the IP
address of an interface? :D).

As for my CGI, yes, I use the full path -> system("/sbin/ifup ".$device);

I found another workaround by setting $ENV('PATH') = "/sbin"; But I got a different error:

Tue Dec 10 17:10:28 2002] [error] [client 10.0.0.88] Users cannot control this
device., referer: http://10.0.0.50/cgi-bin/editconfig.pl

Someone suggested I change to $ENV('PATH') = ""; Hmmm... another trial and error :(

This is something new to me, executing a CGI that needs root permission. Before I used
#!/usr/bin/suidperl, I could NOT change any file in /etc/sysconfig. The CGI (or even just
a Perl script) ran without error, but it did not alter the file ...

Regards,
kapot.

--- Peter Kappus <[EMAIL PROTECTED]> wrote:
[..deleted..]
> Instead of doing everything from the CGI, what I would do is write one Perl
> CGI to gather your config input from the user and write it to a file. Then,
> create a second script which will run as root (as a cron job?) and read
> the config file written by your first script and act accordingly.  
[..deleted..]
> where the script can't find "ifup" Are you calling it as ifup or /sbin/ifup?
> 
> good luck!
> 
> -peter
> 
> 
> -----Original Message-----
> From: Admin-Stress [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 10, 2002 1:29 PM
> To: perl cgi
> Subject: RE: can we use "system()" inside cgi ?
> 
> 
> I did read it, but still don't understand. What does "tainted" mean?
> 
> I changed my cgi like this :
> 
>    #!/usr/bin/suidperl
> 
> Then :
> 
>    chown root:root saveconfig.pl
>    chmod 755 saveconfig.pl
> 
> It's now 'partly working', it can change the content of /etc/sysconfig/...
> by overwriting its content (open ... print ... close).
> 
> But, still, I can't execute /sbin/ifup /sbin/ifdown.
> 
> Basically, I don't know the way suidperl works nor how to execute a CGI which
> needs root permission.
> 
> That workaround I just found with trial and error. If someone could
> explain or just tell me what I should do in terms of permission setting
> or modification. What I need is just:
> 
>    overwriting /etc/sysconfig/...
>    executing /sbin/ifup /sbin/ifdown
> 
> I must finish this project the day after tomorrow :((
> 
> Thanks.
> kapot
> 
> --- [EMAIL PROTECTED] wrote:
> > You need to read up on tainted variables, I think.
> > 
> > perldoc perlsec
> > 
> > The problem isn't that it is a CGI, pretty sure the problem is that it is
> > setuid.
> > 
> > http://danconia.org
> > 
> > ------------------------------------------------
> > On Tue, 10 Dec 2002 07:20:16 -0800 (PST), Admin-Stress
> > <[EMAIL PROTECTED]> wrote:
> > 
> > > I got this error :
> > > 
> > > [error] [client 10.0.0.88] Insecure $ENV{PATH} while running setuid at
> > > /var/www/cgi-bin/ifcfg_rh80.pl line 60., referer:
> > > http://10.0.0.50/cgi-bin/editconfig.pl
> > > 
> > > And line 60 of ifcfg_rh80.pl is :
> > > 
> > >    system("/sbin/ifdown $device");
> > >    sleep 2;
> > >    system("/sbin/ifup $device");
> > > 
> > > I chmoded +s both editconfig.pl and ifcfg_rh80.pl.
> > > 
> > > And I installed suid-perl ...
> > > 
> > > Anything else that I can do? I made a cgi to change server ip address.
> > > 
> > > Thanks.
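
Peter's split (an unprivileged CGI writes the request, a root cron job applies it) combined with the perlsec rules behind the "Insecure $ENV{PATH}" error, as an added example that is not code from anyone in this thread. The spool path and the eth0..eth99 device pattern are assumptions made for the example.

```perl
#!/usr/bin/perl -T
# Added example, not code from this thread. Run from root's crontab as an
# executable script; the CGI stays unprivileged and only writes a device
# name to the spool file.
use strict;
use warnings;

# Assumption: spool path chosen for this example.
my $request = '/var/spool/ifcfg/request';

# perlsec: set a fixed PATH and drop shell-influencing variables before exec.
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by regex capture: return the name only if it matches the allowed
# pattern (assumed here: eth0 .. eth99), otherwise undef.
sub untaint_device {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A(eth\d{1,2})\z/ ? $1 : undef;
}

# List-form system(): no shell is involved, so arguments are passed verbatim.
sub run_cmd {
    my @cmd = @_;
    my $ok = system(@cmd) == 0;
    warn "@cmd failed (status $?)\n" unless $ok;
    return $ok;
}

exit 0 unless -f $request;                 # nothing queued

open my $fh, '<', $request or die "open $request: $!\n";
my $line = <$fh>;                          # tainted: it came from a file
close $fh;
unlink $request or warn "unlink $request: $!\n";

chomp $line if defined $line;
my $dev = untaint_device($line)
    or die "rejected device name in $request\n";

run_cmd('/sbin/ifdown', $dev);             # may fail if already down
sleep 2;
exit(run_cmd('/sbin/ifup', $dev) ? 0 : 1);
```

With this layout neither CGI script needs the setuid bit or suidperl, and the only value that crosses from the web server to root is a device name checked against a fixed pattern.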

