
Re: execute application from webinterface



On Tue, 2003-09-02 at 20:29, Woon Wai Keen @ doubleukay.com wrote:
> ----- Original Message ----- 
> From: "mario ohnewald" <mario.ohnewald@gmx.de>
> To: <debian-security@lists.debian.org>
> Sent: Tuesday, September 02, 2003 3:53 AM
> Subject: execute application from webinterface
> 
> 
> > What is the securest way of starting an application, like ping, from a
> > webinterface as a different user.
> > Let's say, to run ping 123.456.789.000 as user user123.
> >
> > If I use "system", it executes it as www-data.
> >
> > Any idea how I could solve this problem?
> > With php, perl, bash, etc... ?
> 
> sudo can do this, and is probably universal across php/perl/bash/anything
> that can execute system commands :)
> 
> first    : visudo
> then add : www-data ALL=(ALL) NOPASSWD: /bin/ping 123.456.789.000
> 
> save, and then from your web app, call system("sudo /bin/ping
> 123.456.789.000") !

Why involve sudo?! You have suexec that came with Apache, a pretty
little thing that does very well.

Write your script for pinging, chown to user and that's it.
-- 
v            ,   v  v
Zeljko Brajdic - Zorz
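
The sudo approach quoted in this thread, as an added example that is not part of the original messages: a wrapper a web application could call so that only a validated IPv4 literal reaches ping and no shell parses the input. The sudoers line in the comment, the `-c` count limit, and the function names are assumptions made for the example.

```python
import ipaddress
import subprocess

# Assumed sudoers entry (edit with visudo). It names the one target user
# instead of (ALL), so www-data cannot use this rule to run ping as root:
#   www-data ALL=(user123) NOPASSWD: /bin/ping
RUN_AS = "user123"   # target account from the question
PING = "/bin/ping"   # absolute path, must match the sudoers entry


def build_ping_argv(host, count=4):
    """Return the argv for a sudo'd ping, or raise ValueError on bad input."""
    # Accept only a string holding a literal IPv4 address:
    # no hostnames, no option strings, no shell metacharacters.
    if not isinstance(host, str):
        raise ValueError("host must be a string")
    try:
        addr = ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not an IPv4 address: {host!r}") from exc
    if isinstance(count, bool) or not isinstance(count, int) or not 1 <= count <= 10:
        raise ValueError("count must be an integer from 1 to 10")
    # -n: fail instead of prompting for a password; -u: run as RUN_AS;
    # "--" ends sudo's own option parsing.
    return ["sudo", "-n", "-u", RUN_AS, "--", PING, "-c", str(count), str(addr)]


def run_ping(host, count=4, timeout=30):
    """Run the validated command without a shell; return (exit_code, output)."""
    argv = build_ping_argv(host, count)
    # A list argv with the default shell=False means nothing re-parses the input.
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout + proc.stderr


if __name__ == "__main__":
    # Constructed inputs: one valid address and several that must be rejected,
    # including the thread's placeholder, which is not a valid IPv4 address.
    for candidate in ["192.0.2.10", "123.456.789.000", "192.0.2.10; id", "-f"]:
        try:
            print("ok    ", build_ping_argv(candidate))
        except ValueError as err:
            print("reject", err)
```
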


