[Chicago-talk] chown inside a script
Jonathan Rockway
jon at jrock.us
Wed Dec 5 20:38:10 PST 2007
On Wed, 2007-12-05 at 22:28 -0600, Jay Strauss wrote:
> Thanks.
>
> But I don't think that will work in my case, because I'm doing it from
> a web page, I had to create an suid link to chown, to call from my
> cgi.
>
> Unless there is some way to do it from inside perl, but still change
> ownership of file not owned by the webserver.
This is a massive security nightmare. Consider the case where someone
symlinks /path/that/matches/your.glob to /etc/shadow. You've just
rendered the system unusable.
Also, keep in mind that you can't create a "setuid link". chmod follows
symlinks and updates the original file.
Regards,
Jonathan Rockway
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.pm.org/pipermail/chicago-talk/attachments/20071205/7e47368d/attachment.bin
More information about the Chicago-talk
mailing list