Re: Running ipfw from a webpage/using php.
* Patrick Holahan <[EMAIL PROTECTED]> [20021014 16:35]: > I need to run a root command (ipfw) from apache through php. (Yes, this is > not very secure and I'm aware of this and if anyone has any better > suggestions, please feel free to make them.) What do you want to do? (No, you *don't* want to run a command as root from php) > Would anyone know how to do this? If you really want to do it, you can try Apache's SUEXEC feature. Read about it at http://httpd.apache.org/docs/suexec.html qvb -- pica To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running ipfw from a webpage/using php.
# [EMAIL PROTECTED] / 2002-10-14 16:12:36 +0100: > On Mon, Oct 14, 2002 at 04:54:03PM +0200, Jens Rehsack wrote: > > Patrick Holahan wrote: > > > > I need to run a root command (ipfw) from apache through php. (Yes, this is > > > not very secure and I'm aware of this and if anyone has any better > > > suggestions, please feel free to make them.) > > > is that the function you search: > > string exec ( string command [, array output [, int return_var]]) > > That will run as the UID of the webserver, usually www, which won't be > very useful for doing stuff with ipfw. > > I'd grab sudo(8) or one of the alternatives from ports and very > carefully craft a /usr/local/etc/sudoers file that lets the www UID > run a specific ipfw command line without giving a password. Be very > careful not to let the www UID make arbitrary changes to your firewall > or you will discover the true meaning of pain in very short order. > Remember to add www to the wheel group if you go this way. this is IMO a better solution: #!/bin/sh [ -f /some/file ] && \ /your/command && \ /bin/rm -f /some/file /etc/crontab: * * * * * root/your/script in the php script: touch('/some/file'); > Oh, and good luck maintaining the integrity of your machine if you do > implement this. You're going to need it... not necessarily. implementation dependent. :) -- If you cc me or take the list(s) out completely I'll most likely ignore your message. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
RE: Running ipfw from a webpage/using php.
I did it It works, but it's NOT secure... Basically I use it to open a SSH port to the dialin machine I am browsing from. You are welcome to my source if you like -D -Original Message- From: Patrick Holahan [mailto:[EMAIL PROTECTED]] Sent: 14 October 2002 16:36 To: [EMAIL PROTECTED] Subject: Running ipfw from a webpage/using php. Hi there.. Hopefully someone here is able to help me.. I need to run a root command (ipfw) from apache through php. (Yes, this is not very secure and I'm aware of this and if anyone has any better suggestions, please feel free to make them.) Would anyone know how to do this? Thanks in advance -ph To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message - ATTENTION: The information in this electronic mail message is private and confidential, and only intended for the addressee. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Please inform the sender by reply transmission and delete the message without copying or opening it. Messages and attachments are scanned for all viruses known. If this message contains password-protected attachments, the files have NOT been scanned for viruses by the ING mail domain. Always scan attachments before opening them. - To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
RE: Running ipfw from a webpage/using php.
Typically PHP runs as www (or nobody). You will have to give ipfw root exec premission (forgot what is is called, but mode 1755 and owner root) or use sudo. (man sudo, man chmod) either should work, but be warned this is very INSECURE! Jack > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Holahan > Sent: Monday, October 14, 2002 9:36 AM > To: [EMAIL PROTECTED] > Subject: Running ipfw from a webpage/using php. > > > Hi there.. > > Hopefully someone here is able to help me.. > > I need to run a root command (ipfw) from apache through php. (Yes, this is > not very secure and I'm aware of this and if anyone has any better > suggestions, please feel free to make them.) > > Would anyone know how to do this? > > Thanks in advance > -ph > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running ipfw from a webpage/using php.
On Mon, 2002-10-14 at 15:35, Patrick Holahan wrote: > Hi there.. > > Hopefully someone here is able to help me.. > > I need to run a root command (ipfw) from apache through php. (Yes, this is > not very secure and I'm aware of this and if anyone has any better > suggestions, please feel free to make them.) > > Would anyone know how to do this? If you have to do this, I'd suggest setting up sudo so that the user apache runs as has sudo access to run the ipfw command and nothing else. It's still not nice, but it should work. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running ipfw from a webpage/using php.
On Mon, Oct 14, 2002 at 04:54:03PM +0200, Jens Rehsack wrote: > Patrick Holahan wrote: > > I need to run a root command (ipfw) from apache through php. (Yes, this is > > not very secure and I'm aware of this and if anyone has any better > > suggestions, please feel free to make them.) > is that the function you search: > string exec ( string command [, array output [, int return_var]]) That will run as the UID of the webserver, usually www, which won't be very useful for doing stuff with ipfw. I'd grab sudo(8) or one of the alternatives from ports and very carefully craft a /usr/local/etc/sudoers file that lets the www UID run a specific ipfw command line without giving a password. Be very careful not to let the www UID make arbitrary changes to your firewall or you will discover the true meaning of pain in very short order. Remember to add www to the wheel group if you go this way. Oh, and good luck maintaining the integrity of your machine if you do implement this. You're going to need it... Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Running ipfw from a webpage/using php.
Patrick Holahan wrote: > > Hi there.. > > Hopefully someone here is able to help me.. > > I need to run a root command (ipfw) from apache through php. (Yes, this is > not very secure and I'm aware of this and if anyone has any better > suggestions, please feel free to make them.) > > Would anyone know how to do this? is that the function you search: string exec ( string command [, array output [, int return_var]]) > > Thanks in advance > -ph > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message -- L i W W W i Jens Rehsack LW W W L i W W W W i nnnLiWing IT-Services L iW W W Wi n n g g i W W i n n g gFriesenstraße 2 06112 Halle g g g Tel.: +49 - 3 45 - 5 17 05 91ggg e-Mail: <[EMAIL PROTECTED]> Fax: +49 - 3 45 - 5 17 05 92http://www.liwing.de/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message