Jeff Rouse/NCO/CEtv [[EMAIL PROTECTED]] quoth:
*>
*>Basically the process I wish to send a kill signal to is a redirector for
*>squid.  The process is owned by the squid user.  The kill signal makes the
*>redirector dump statistics about itself to a file.  I want to run a script
*>from my cgi-bin which will run as user nobody that can send the kill signal
*>to the process that squid owns.  The script works fine when run as root.

Sometimes things don't work for good reason. Having a process owned by
'nobody' able to kill a real user process? An SA would go into apoplectic
shock right about now...oh, and from the web too...gads, call the
paramedics. 

The feature known as 'suidperl' is what you are looking for most likely.
Also, your system may have suid restrictions such as -nosuid with
automount or NFS on some of the filesystems, etc.

There have been a couple of CERT advisories in the last few years on the
dangers of using suidperl, and suid in general is a less than stellar idea
for anything, unless you are aware of the risks involved.

*>Does anyone know how I can get my perl script to run as another user and
*>issue a kill signal to a process?

http://perldoc.cpan.org/ and read the perlsec pod 

Also, "Web Security" by Lincoln Stein, ISBN: 0201634899, may be a good
introduction for you. He also maintains the WWW Security FAQ that has a
load of good info http://www.w3.org/Security/Faq/index.html#contents.

Don't run suid if you don't have to -- ever. Ask yourself why nobody needs
to kill real system user processes and perhaps either redesign or try
something else. Usually it's a matter of being lazy and lazy doesn't win 
when you want a reasonably secure system.

e.
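
The taint-mode discipline the perlsec pod describes, applied to the question in this thread, as an added example that is not part of the original post. The pidfile path, the USR1 signal and the Linux /proc ownership check are assumptions; how the helper obtains the squid user's privileges is outside the example.

```perl
#!/usr/bin/perl -T
# Added example: a helper that can do exactly one thing, which is to send
# one fixed signal to the one process named in a fixed pidfile.
use strict;
use warnings;

# perlsec: a privileged script must not trust the inherited environment.
%ENV = (PATH => '/bin:/usr/bin');

my $PIDFILE = '/var/run/redirector.pid';   # hypothetical path
my $SIGNAL  = 'USR1';                      # assumed "dump statistics" signal
my $OWNER   = 'squid';                     # account that owns the redirector

# Accept no arguments: the caller never chooses the PID or the signal.
die "usage: $0 (takes no arguments)\n" if @ARGV;

# Data read from a file is tainted; the regex capture both validates it
# and untaints it. Returns undef for anything that is not a plain PID.
sub parse_pid {
    my ($text) = @_;
    return undef unless defined $text;
    return $text =~ /\A([1-9][0-9]{0,9})\s*\z/ ? $1 : undef;
}

# Linux-specific assumption: the owner of /proc/<pid> is the process owner.
sub owned_by {
    my ($pid, $user) = @_;
    my $uid = getpwnam($user);
    return 0 unless defined $uid;
    my @st = stat("/proc/$pid") or return 0;
    return $st[4] == $uid;
}

open(my $fh, '<', $PIDFILE) or die "cannot read $PIDFILE: $!\n";
my $pid = parse_pid(scalar <$fh>);
close $fh;

die "malformed pidfile\n" unless defined $pid;
# Refuse a stale pidfile whose PID now belongs to someone else. A small
# window remains between this check and kill(); the fixed signal limits
# what a reused PID could receive.
die "pid $pid is not owned by $OWNER\n" unless owned_by($pid, $OWNER);

kill($SIGNAL, $pid) == 1 or die "kill failed: $!\n";
```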
