Re: [Asterisk-Users] vmail.cgi: -rwsr-sr-x as root *still* won't read the files
On Thu, Apr 28, 2005 at 11:43:57PM -0500, Brian Capouch wrote:
> I'm running Apache as nobody. Wondering why the SUID vmail.cgi script
> still can't read my files; it comes with the bits set SUID, which I
> thought would do the trick. It works just fine if I make the files in
> the maildir world-readable.
>
> Thanks. No clues in the archives nor Wiki that appear germane.

Apache's suexec will not run suid scripts. It will also not run scripts as root. It has a strict checklist (specified in its docs) that it checks the target script against before executing it. If the script fails one of those requirements, you'll see a note in suexec's logs.

Linux in general will not run SUID scripts (executables whose magic is '#!') as some race conditions will allow you to abuse this to run arbitrary commands as the target user.

Anyway, asterisk should not be running as root. It should be running under its own, separate user. That's what the switch -U is for.

And now you only have to find a way to run that script as that asterisk user.

--
Tzafrir Cohen         | [EMAIL PROTECTED] | VIM is
http://tzafrir.org.il |                   | a Mutt's
[EMAIL PROTECTED]     |                   | best
ICQ# 16849755         |                   | friend

___
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
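Added example, not part of the original thread: a shell audit for the case described in the reply above, where the setuid bit is set on a file whose magic is '#!' and therefore has no effect on Linux. The function names and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find files whose setuid bit
# is set but which are '#!' scripts, so Linux ignores the bit.

# classify_suid FILE -> prints missing | no-suid | suid-script | suid-other
classify_suid() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    # -u is true when the set-user-ID bit is set on the file.
    [ -u "$f" ] || { echo no-suid; return 0; }
    # Read the first two bytes as hex; '#!' is 0x23 0x21.
    magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
    if [ "$magic" = "2321" ]; then
        echo suid-script
    else
        echo suid-other
    fi
}

# audit_suid_scripts DIR -> prints the path of every setuid '#!' script.
audit_suid_scripts() {
    find "$1" -type f -perm -4000 | while IFS= read -r path; do
        if [ "$(classify_suid "$path")" = "suid-script" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Stand-alone use: pass the directory to audit (hypothetical argument).
if [ "$#" -gt 0 ]; then
    audit_suid_scripts "$1"
fi
```

A reported path is a file whose mode suggests privilege it will not actually receive at exec time, which matches the symptom in the original question.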
Re: [Asterisk-Users] vmail.cgi: -rwsr-sr-x as root *still* won't read the files
On Fri, Apr 29, 2005 at 10:50:42AM -0400, mike castleman wrote:
> On Fri, Apr 29, 2005 at 12:23:48AM -0500, Brian Capouch wrote:
> > Drat. Perl screams bloody murder if you try to just set its SUID bit,
> > which of course is dangerous as hell.
>
> The perl-suid is *not* simply a version of perl with the suid bit set
> but rather a helper binary which allows perl to run suid scripts. Try it.

Note that this script does not use any of the standard safety mechanisms perl provides to achieve some safety. It does not use -w or -T or strict. Nor is it simple to adapt it to use those.

--
Tzafrir Cohen         | [EMAIL PROTECTED] | VIM is
http://tzafrir.org.il |                   | a Mutt's
[EMAIL PROTECTED]     |                   | best
ICQ# 16849755         |                   | friend
Re: [Asterisk-Users] vmail.cgi: -rwsr-sr-x as root *still* won't read the files
On Fri, Apr 29, 2005 at 12:23:48AM -0500, Brian Capouch wrote:
> Drat. Perl screams bloody murder if you try to just set its SUID bit,
> which of course is dangerous as hell.

The perl-suid is *not* simply a version of perl with the suid bit set but rather a helper binary which allows perl to run suid scripts. Try it.

mike

--
mike castleman
network / systems administrator
democracy now!
mailto:[EMAIL PROTECTED]
tel:+1-212-431-9090 (democracy now)
tel:+1-646-382-7220 (cell)
Re: [Asterisk-Users] vmail.cgi: -rwsr-sr-x as root *still* won't read the files
Try making sure you have installed the suid perl stuff if your OS needs it. Some kernels do not natively obey the setuid flag when executing scripts.

(On Debian, this involves installing the perl-suid package. Other Linux-based distributions probably need something similar.)

On Thu, Apr 28, 2005 at 11:43:57PM -0500, Brian Capouch wrote:
> I'm running Apache as nobody. Wondering why the SUID vmail.cgi script
> still can't read my files; it comes with the bits set SUID, which I
> thought would do the trick. It works just fine if I make the files in
> the maildir world-readable.
>
> Thanks. No clues in the archives nor Wiki that appear germane.
>
> B.

--
mike castleman
network / systems administrator
democracy now!
mailto:[EMAIL PROTECTED]
tel:+1-212-431-9090 (office)
Re: [Asterisk-Users] vmail.cgi: -rwsr-sr-x as root *still* won't read the files
mike castleman wrote:
> Try making sure you have installed the suid perl stuff if your OS needs
> it. Some kernels do not natively obey the setuid flag when executing
> scripts.
>
> (On Debian, this involves installing the perl-suid package. Other
> Linux-based distributions probably need something similar.)

Drat. Perl screams bloody murder if you try to just set its SUID bit, which of course is dangerous as hell.

G. I know there are patches out there that fix all of this. I wonder why none of them (I've found two so far, and seem to think I've seen others as well) have ever been incorporated into the codebase.

This is far too much work for such a simple thing.

B.