On Monday 01 September 2003 21:53, mario ohnewald wrote:
> Hello List!
> What is the securest way of starting an application, like ping, from a
> webinterface as a different user.
> Let's say, to run ping 123.456.789.000 as user user123.
>
> If I use "system", it executes it as www-data.

You need sudo or another setuid wrapper program (like suexec if you use
apache and the script can be run as cgi), but if this thing has a security
problem, like a buffer overflow, you might end up with a root exploit, so I
would suggest to leave it running as www-data or set up a second webserver
instance as a different user.

>
> Any idea how I could solve this problem?
> With php, perl, bash, etc... ?

It's not a problem of the programming language, you just need to understand 
unix and the permission system.

Whatever method you prefer, make sure that any user input is properly
validated, and strip shell-meta-characters and so on.

>
> Thank you very much in advance!
>
> Cheers, Mario

Jens
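
The approach from the reply, as an added example that is not part of the original message: the address is validated strictly and the command is handed to sudo as an argument list, so no shell ever parses the input. The sudoers rule, the paths /usr/bin/sudo and /bin/ping, and the fixed packet count are assumptions.

```python
import ipaddress
import subprocess

# Assumptions (not from the original post): sudo and ping live at the
# paths below and sudoers holds one narrow rule such as
#   www-data ALL=(user123) NOPASSWD: /bin/ping
SUDO = "/usr/bin/sudo"
PING = "/bin/ping"
RUN_AS = "user123"  # account name taken from the question


def build_ping_argv(raw_target):
    """Return the argv for a ping run as RUN_AS, or raise ValueError."""
    # IPv4Address accepts only a dotted quad: no spaces, no shell
    # metacharacters, no leading "-" that ping could read as an option.
    addr = ipaddress.IPv4Address(raw_target)
    # "--" ends sudo's own option parsing; the count is fixed server-side.
    return [SUDO, "-n", "-u", RUN_AS, "--", PING, "-c", "4", str(addr)]


def run_ping(raw_target):
    """Validate, then execute without a shell and with a time limit."""
    argv = build_ping_argv(raw_target)
    # A list argv with the default shell=False goes straight to execve(),
    # so nothing from the request is ever interpreted by /bin/sh.
    return subprocess.run(argv, capture_output=True, text=True,
                          timeout=15, check=False)


def is_rejected(raw_target):
    """True when the input fails validation and no command is built."""
    try:
        build_ping_argv(raw_target)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs; 192.0.2.10 is a documentation address.
    for sample in ["192.0.2.10", "123.456.789.000", "192.0.2.10; id", "-f"]:
        print(repr(sample), "rejected" if is_rejected(sample) else "accepted")
```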

