Edit report at http://bugs.php.net/bug.php?id=22890&edit=1

 ID:               22890
 Comment by:       php at richardneill dot org
 Reported by:      gavin at itmerge dot com
 Summary:          CLI setuid scripts don't run setuid
 Status:           Bogus
 Type:             Bug
 Package:          CGI related
 Operating System: Linux 2.4.18
 PHP Version:      4.3.1

 New Comment:

In 2003, the response was:
"There are no plans to implement any perl-like workaround in PHP at the
present time."

Might I request that, 7 years later, and with much increased use of php
as a general-purpose scripting language, it might be worth re-visiting
this?


Previous Comments:
------------------------------------------------------------------------
[2003-03-26 09:38:21] il...@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Uid of the binary, which is PHP is what matters, the script's uid does
not matter since it is a parameter.

------------------------------------------------------------------------
[2003-03-26 09:36:02] ed...@php.net

Modern kernels on Unix and Unix-like operating systems simply ignore set
uid bit on shebang scripts (those that begin with #!). Some interpreters
(like perl) choose to implement workarounds, but if you really need to
make a script suid, it is very easy to achieve so with a simple C
wrapper program.

There are no plans to implement any perl-like workaround in PHP at the
present time.

------------------------------------------------------------------------
[2003-03-26 04:05:29] gavin at itmerge dot com

whoops spelt posix_geteuid(); wrong :P

------------------------------------------------------------------------
[2003-03-26 03:27:23] gavin at itmerge dot com

/* my sample script is */
#!/usr/local/bin/php
<?php
echo posix_getmyeuid()."\n";
?>
/*
root#chown root.vhost /scripts/myscript
root#chmod 4710 /scripts/myscript
root#useradd -u 1001 gavin
root#usermod gavin -G vhost
root#logout
gavin$/scripts/myscript
1001
gavin$

i had to create /usr/local/bin/setuid_php and chmod 4710 it to be able
to make my php scripts run setuid root (i'm not a perl person i don't
know if perl supports setuid but I know scripts that i pass thru
/bin/zsh support setuid)

I don't really like having that script there :0 because A, I'm learning
but i'm learning quickly that the more "permissions" you have the more
you're likely to get a stuck up the rear end and essentially that lets
anyone become god on my system who might find it, I think i'm going to
go move it outside of /usr/local/bin right now
*/

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/bug.php?id=22890&edit=1