Hi-- On Sep 27, 2013, at 2:18 AM, Michael BlackHeart <amdm...@gmail.com> wrote: > Hello there, > It's quite off-topic, but I'm using freebsd-stable,so > > The priblem is - running a script that requires root privileges via PHP (or > probably CGI - I do not care, just want it to be secure and working).
Unfortunately the combination of PHP, doing something which needs root, and security are inherently contradictory. The least risky approach would be to invoke the needed command via sudo, or possibly a small setuid-root C wrapper program which launches only the needed script with root permissions. Use sudo unless your C wrapper is careful enough to use exec() and not system(), sanitizes $PATH and other env variables, and guards against games with $IFS, shell metachars, and such. Regards, -- -Chuck _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
