From: gavin at itmerge dot com Operating system: Linux 2.4.18 PHP version: 4.3.1 PHP Bug Type: CGI related Bug description: CLI setuid scripts don't run setuid
/* my sample script is */ #!/usr/local/bin/php <?php echo posix_getmyeuid()."\n"; ?> /* root#chown root.vhost /scripts/myscript root#chmod 4710 /scripts/myscript root#useradd -u 1001 gavin root#usermod gavin -G vhost root#logout gavin$/scripts/myscript 1001 gavin$ i had to create /usr/local/bin/setuid_php and chmod 4710 it to be able to make my php scripts run setuid root (i'm not a perl person i don't know if perl supports setuid but I know scripts that i pass thru /bin/zsh support setuid) I don't really like having that script there :0 because A, I'm learning but i'm learing quickly that the more "permissions" you have the more you're likely to get a stuck up the rear end and essentially that lets anyone become god on my system who might find it, I think i'm going to go move it outside of /usr/local/bin right now */ -- Edit bug report at http://bugs.php.net/?id=22890&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=22890&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=22890&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=22890&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=22890&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=22890&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=22890&r=support Expected behavior: http://bugs.php.net/fix.php?id=22890&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=22890&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=22890&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=22890&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=22890&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=22890&r=dst IIS Stability: http://bugs.php.net/fix.php?id=22890&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=22890&r=gnused