Here's a suggestion.
When you receive data from a form, the cgi that
parses this data should run as an ordinary user. The
process will act as a buffer, cleaning data, looking
for invalid values, and other oddities. Then when
all concerns are satisfied, the data is written to
disk to be picked up by another process that IS
running as root.
... and if you're really paranoid, you can have the
second root-privilaged process check over the data
again, just in case it was changed after being
written to disk.
No method is totally secure, but at least this way
insulates you from direct attacks against your code.
I welcome comments from all on this method.
---- Bill Pierson <[EMAIL PROTECTED]> wrote:
> Thanks for your replies. Actually, I'd like to be
able to modify system
> config files, stop and restart daemons, etc.
>
> I'm not aware of the different ways to accomplish
this; any tips would be
> appreciated.
>
> The server is in a "protected" environment.....
>
>
> --Bill
>
>
> -----Original Message-----
> From: Farouk Khawaja [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 27, 2001 10:44 PM
> To: Bill Pierson; [EMAIL PROTECTED]
> Subject: Re: Running PERL as root
>
> ---- Bill Pierson <[EMAIL PROTECTED]> wrote:
> > I have a quick question about running a perl
> program as root via CGI.
> > I would assume it's platform dependant, and in my
> situation I have Linux
> > Redhat 7.1 w/Apache 1.3.19 webserver.
> >
> > This question is a little off-topic, however I'm
> guessing that a few of you
> > may have tackled this issue before.
> >
> > Thanks again,
> > --Bill
>
> I wouldn't run any CGI script as root, no matter how
> securly I belive I've written it. What are you
> trying to do that would require root permission to
> accomplish?
>
> Maybe you can explore alternatives.
>
>
>
>
>
