[Wellington-pm] perl-suid deprecated, in favour of what?

Grant McLean grant at mclean.net.nz
Tue May 23 01:05:33 PDT 2006


On Tue, 2006-05-23 at 18:19 +1200, Lesley Walker wrote:
> On Tue, 2006-05-23 at 16:53 +1200, Lesley Walker wrote:
> > Thanks guys, much appreciated. I think I've got it now.
> 
> Argh!
> 
> My script is now able to be called through the wrapper, but doing it
> this way appears to have caused something to break.
> 
> We use some kind of magic involving the browser id string to identify
> users - should I expect that stuff to get passed through the wrapper to
> the real script, or do I have to do something specific to avoid having
> it dropped into the bit bucket?

Whether sudo passes environment variables through or not will depend on
the configuration in the sudoers file and the compile-time options when
sudo was built.  I have a feeling that the Sarge build of sudo is fairly
restrictive by default.  If you wanted to pass an environment variable
called (for example) REMOTE_ADDRESS then you could add an entry like
this to sudoers:

Defaults:www-data env_keep += REMOTE_ADDRESS

Having said that, it might be safest to do all the environment and
argument parsing in the CGI script and pass anything to the other script
via command-line arguments.  It would certainly be easier to debug.

Regards
Grant




More information about the Wellington-pm mailing list