Re: execute application from webinterface

To: debian-security <debian-security@lists.debian.org>
Subject: Re: execute application from webinterface
From: Adam ENDRODI <borso@vekoll.saturnus.vein.hu>
Date: Thu, 4 Sep 2003 12:28:59 +0200
Message-id: <[🔎] 20030904102859.GA10799@ildicow.saturnus.vein.hu>
In-reply-to: <[🔎] 3F53D870.3030305@inf.fu-berlin.de>
References: <[🔎] MKEHIJCBHHEMOIECDAKPOEILCAAA.mario.ohnewald@gmx.de> <[🔎] 200309012224.06302.jens@freebsdforum.de> <[🔎] 3F53D870.3030305@inf.fu-berlin.de>

On Tue, Sep 02, 2003 at 01:38:24AM +0200, Christopher Taylor wrote:
> Jens Gutzeit wrote:
> >On Monday 01 September 2003 21:53, mario ohnewald wrote:
> >>What is the securest way of starting a application, like ping, from a
> >>webinterface as a diffrent user.
> what's wrong with making the program suid-to-some-other-user (not root) 
> and then just executing it? I reallize this doesn't work for ping, which 
> is suid-to-root anyway.

It doesn't work for scripts.  I don't like the sudo approach
either.  Instead, I've written a tiny suexec-like wrapper which
does nothing but changes its uid to match the owner of the program
prior to executing it.

bit,
adam

-- 
1024D/37B8D989 954B 998A E5F5 BA2A 3622  82DD 54C2 843D 37B8 D989      
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever

Reply to:

References:
- execute application from webinterface
  - From: "mario ohnewald" <mario.ohnewald@gmx.de>
- Re: execute application from webinterface
  - From: Jens Gutzeit <jens@freebsdforum.de>
- Re: execute application from webinterface
  - From: Christopher Taylor <taylor@inf.fu-berlin.de>

Prev by Date: Re: OpenSSH
Next by Date: Kernel 2.4.21+grsecurity+p-o-m
Previous by thread: Re: execute application from webinterface
Next by thread: Re: execute application from webinterface
Index(es):
- Date
- Thread