>Insecure dependency in `` while running with -T switch at >/usr/sbin/usermod_wrapper.pl line 27
These means that you can't use ``. You need to use system command. $command = "/path/you/need"; system($command); All the additional vars need to be passed through vars : $var1 = "login"; $var2 = "password": system($command,$var1,$var2); If it does not run under -T switch, will not run in mod_perl. >So to get over this problem, I should chown "apachectl" to >the Apache group ? No. >And secondly, if I am running Apache as non-root, then I >will have to use the "system" command ? I cannot use >the $ret = `$wrapper` command. Is this true ? Even running apache as root, you need to follow the tainted mode rules. Regards, Vitor -----Original Message----- From: Vitor [mailto:[EMAIL PROTECTED]] Sent: Friday, July 26, 2002 8:31 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RES: apache mod_perl + suid question Tushar, It's not recommeded to run apache as root. (Security issues). I have some applications that uses system command under mod_perl without problems. Try to execute you wrapper script in command line. Execute it with /usr/bin/perl -T (tainted mode), that checks if your script is safe. If you got error results, you will know why it's not working. $ret = `$wrapper` , also should work in you configuration (running apache as root). Regards, Vitor -----Mensagem original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Enviada em: sexta-feira, 26 de julho de 2002 20:13 Para: [EMAIL PROTECTED]; [EMAIL PROTECTED] Assunto: RE: apache mod_perl + suid question Thanks Vitor... I have something very similar to what you mention below..only that I am taking the username and passwd from the apache gui. Then I encrypt the passwd and send that to wrapper(i.e. suid_file) script. So I have something like system($wrapper), where $wrapper = suid_file.pl "encrupted passwd" "username". I changed the suid_file to 4750 and have the ownership and group as root,root. I am also runing Apache as root. I don't have httpd as a user or group. Do I need to ? Also do I need to use the ystem command, can't I just do $ret = `$wrapper` ? thanks. -Tushar -----Original Message----- From: Vitor [mailto:[EMAIL PROTECTED]] Sent: Friday, July 26, 2002 7:04 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RES: apache mod_perl + suid question Hello Tushar, Try this : $suid_file = "file_path/suidfile.pl"; $user = "nobody"; $passwd = "kdsak"; (system($suid_file,$user,$$passwd)) or die "Error in suid operation $! "; Note that suid_file need the following commands : - chmod 4750 - chown root:httpd Regards, Vitor -----Mensagem original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Enviada em: sexta-feira, 26 de julho de 2002 19:41 Para: [EMAIL PROTECTED] Assunto: apache mod_perl + suid question Hello, I am trying to write a password changing program. For this I have a mod_perl subroutine from where I am trying to execute a perl script(with suid permissions 4711), which is a wrapper and in turn calls the usermod command on linux with the old and new passwords. The problem I am having: 1: The usermod command doesn't get executed. I have tried debugging this...by having a log file(/usr/local/apache/logs) and the mod_perl process does open the wrapper script..but then does nothing. It does not execute the command. What am I doing wrong ? I know there might be some quirks with suid permissons and I would like to know how can I overcome this. I have something like below from mod_perl subroutine: my $ret_val = `$wrapper`; Within the wrapper perl script, I call usermond with the passwds by doing: $ret = `$usermondcmd 2>&1` Any help would be much appreciated. thanks a lot. -Tushar