SPUG: setuid & CGI security (was: site clutter)
William Julien
moonbeam at catmanor.com
Tue Jun 26 02:49:46 CDT 2001
>>
>> So, if User A runs his scripts as "nobody" and User B runs her scripts
>> as "nobody", what could User A do to User B?
>>
>
>Almost anything, edit files, remove files, compile source, run a perl
>debugger interactively. A couple of references:
> http://www.speakeasy.org/~cgires/exec.html
> http://www.speakeasy.org/~cgires/modules/ (see cgidebug.pl)
>
>I have frequently found these tools to be quite helpful, though also
>scary.
>
thanks for the reminder! I have read these pages and used the techniques
in the past to compile C programs on a server that had no login access.
It not only taught me a lot about the cgi environment, but enabled me
how to do the "impossible". For a while, halcyon restricted their shell
login to their web server. It ran on a different arch, and the only way
to update my C based cgi bin was via CGI.
It was a bit tricky to setup, because the server as running as "nobody".
But with a view promiscusous settings, I was able to recompile my code.
---
William Julien _,'| _.-''``-...___..--';
moonbeam at catmanor.com /, \'. _..-' , ,--...--'''
vi is my shepherd; < \ .`--''' ` /|
i shall not font. `-,;' ; ; ;
__...--'' __...--_..' .;.'
(,__....----''' (,..--''
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
perl -e '( $ ,, $ ")=("a".."z")[0,-1]; print "sh", $ ","m\n";;";;"'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
POST TO: spug-list at pm.org PROBLEMS: owner-spug-list at pm.org
Subscriptions; Email to majordomo at pm.org: ACTION LIST EMAIL
Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
For daily traffic, use spug-list for LIST ; for weekly, spug-list-digest
Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/
More information about the spug-list
mailing list