On Fri, 27 Sep 2013 23:50:02 +0200, Charles Swiger <cswi...@mac.com> wrote:
Hi--
On Sep 27, 2013, at 2:18 AM, Michael BlackHeart <amdm...@gmail.com>
wrote:
Hello there,
It's quite off-topic, but I'm using freebsd-stable,so
The priblem is - running a script that requires root privileges via PHP
(or
probably CGI - I do not care, just want it to be secure and working).
Unfortunately the combination of PHP, doing something which needs root,
and
security are inherently contradictory.
The least risky approach would be to invoke the needed command via sudo,
or
possibly a small setuid-root C wrapper program which launches only the
needed script
with root permissions. Use sudo unless your C wrapper is careful enough
to use
exec() and not system(), sanitizes $PATH and other env variables, and
guards against
games with $IFS, shell metachars, and such.
Regards,
Use sudo, because your home grown C wrapper will make all the mistakes
which are already solved in sudo. Or will be spotted in the future in sudo
and will never be spotted in your program.
Chances are high that future requirements of your C wrapper will turn it
in a little sudo.
Ronald.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"