The outline of what I do (in C) is:

1. Write the CGI program in C, put setuid(0), setgid(0) statements in that file and then perform any other actions (including calling other scripts)
2. Set the S bit of the executable of the CGI binary compiled from the C file (chmod +s xxx.cgi)

The C code that's compiled to xxx.cgi is roughly this:

    #include <unistd.h>

    int main(int argc, char *argv[])
    {
        setuid(0);
        setgid(0);
        /* IO plumbing for get/post */
        execv("/usr/lib/cgi-bin/main.sh", argv);
        return 1;  /* reached only if execv fails */
    }

where main.sh does all the root-ish things in shell.

Now I'll be honest here. This is a friend's code. He's written it in C + shell. I said an all-python solution may be easier. He said "Show me!"

Now I gather ( http://mail.python.org/pipermail/python-list/2000-July/044690.html ) this is doable in perl and straightforward in C but not possible in python
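Added example, not part of the original post or the friend's code: a hardened variant of the wrapper sketched above. It passes a fixed argv and an allow-listed environment to main.sh, and it checks the setgid/setuid return values. The names ALLOWED, MAX_ENV and build_clean_env, the list of CGI variables, and the fixed PATH value are assumptions made for this example.

```c
/* Added example: hardened variant of the setuid CGI wrapper sketched above.
   ALLOWED, MAX_ENV and build_clean_env are names made up for this example. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_ENV 16
extern char **environ;

/* CGI variables the root script is allowed to see (example choice). */
static const char *ALLOWED[] = {
    "REQUEST_METHOD", "QUERY_STRING", "CONTENT_LENGTH", "CONTENT_TYPE", NULL
};

/* Write a fixed PATH, then copy only allow-listed NAME=value entries from
   in[] to out[]. Returns the entry count; out[] is NULL-terminated. */
int build_clean_env(char *const in[], char *out[], int cap)
{
    int n = 0;
    out[n++] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
    for (int i = 0; in && in[i] && n < cap - 1; i++) {
        for (int k = 0; ALLOWED[k]; k++) {
            size_t len = strlen(ALLOWED[k]);
            if (strncmp(in[i], ALLOWED[k], len) == 0 && in[i][len] == '=') {
                out[n++] = in[i];
                break;
            }
        }
    }
    out[n] = NULL;
    return n;
}

int main(void)
{
    char *clean[MAX_ENV];
    /* Fixed argv: nothing from the web request reaches the command line. */
    char *const args[] = { "main.sh", NULL };

    build_clean_env(environ, clean, MAX_ENV);
    /* Set group, then user; stop if either call fails. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    execve("/usr/lib/cgi-bin/main.sh", args, clean);
    perror("execve");
    return 1;
}
```

The allow-listed values are still request data, so main.sh has to treat them as untrusted input and quote every expansion.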