Perl and setuid
Keary Suska
aksuska at webflyer.com
Tue Jun 5 16:54:06 CDT 2001
Isn't that supposed to be "chmod 4755" ?
Remember that suid Perl scripts have taint checking automatically turned on,
which can cause significant gotchas for scripts that aren't expecting it. Of
course, any good cgi should be run under taint checking....
-K
> From: John Evans <evansj at kilnar.com>
> Date: Tue, 5 Jun 2001 13:57:30 -0400 (EDT)
> To: Pikes Peak Perl Mongers <pikes-peak-pm-list at happyfunball.pm.org>
> Subject: Perl and setuid
>
> Greetings,
> I am trying to get a Perl script to run as a CGI under Apache
> 1.3.19 with suid privilages. The script that I am running is cvsweb (for
> those of you that are familiar with it.)
> The reason that I want to use suid, is that I don't want to have
> to make my $CVSROOT world read/write so that cvsweb (running as nobody via
> Apache) can access the files. I would like to retain the current
> permissions on the $CVSROOT, but allow cvsweb to read the files and write
> to the history if needed. The only way that I know how to do this is via
> setuid.
> I have done "chmod 6755" on the script, but it still appears to be
> running with the permissions of the nobody account. Is there something
> that needs to be done in the Perl script itself to make the setuid work
> properly?
>
> Thanks.
>
> --
> John Evans
> http://evansj.kilnar.com/
>
>
>
More information about the Pikes-peak-pm
mailing list