Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Luke Drumm on November 03, 2002, 09:36:21 AM

Title: CGI with Root
Post by: Luke Drumm on November 03, 2002, 09:36:21 AM

Hi,

I'm currently writing a small bit of CGI that will allow me to dynamically alter the SSHD section of the hosts.allow file.

All is well except when I get around to tasks that require privlidges greater than what the apache httpd tasks have.

What's the preferred method of getting a PHP script to expand a template (ie. call /sbin/e-smith/expand-template)?

Regards,
Luke

Title: Re: CGI with Root
Post by: Charlie Brady on November 03, 2002, 09:21:15 PM

Luke Drumm wrote:

> What's the preferred method of getting a PHP script to expand
> a template (ie. call /sbin/e-smith/expand-template)?

There isn't one. PHP isn't a secure language to work with, even when not privileged. It's the last language I'd use for any security sensitive development.

It sounds like you are developing something like a manager add-on. There are plenty of examples in perl of such pivileged scripts, and the standard RPM build procedure assigns the needed setuid privileges.

[The devinfo mailing list exists to discuss issues such as this).

Charlie

Title: Re: CGI with Root
Post by: Luke Drumm on November 03, 2002, 11:46:19 PM

Perl it is then. :)

Off to the developer mailing list I go....