httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject [users@httpd] CGI via suexec
Date Fri, 29 Jul 2005 03:07:25 GMT
On 7/27/05, Atte Peltomaki <atte.peltomaki@f-secure.com> wrote:
> > > I'm trying to implement such scenario where a cgi script would be run as
> > > the user that just authed against the local passwd. This way the cgi
> > > script would have the same rights as the local user does.
> > >
> > > Anyone have any ideas how to pass the login information to suexec?
> >
> > If you mean HTTP authentication login, then it can't be done.  This
> > would violate suexec's security model.  It only runs scripts based on
> > their owner.
> >
> > You can look at cgiwrap, which is a little more flexible.  But I doubt
> > it will do this either.
>
> It didn't seem like cgiwrap would be able either. Any other ideas,
> anyone? Last resort is to sourcedive for the http auth login bit, and
> hook it to a homebrewn cgiwrapper, or a modified version of
> suexec/cgiwrap. But this is a lot of work, perhaps too much for what it
> would achieve.

look into sudo.

(The reason there is no easy way to do this is because it can easily
create a massive security hole if it is not done extremely carefully.)

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message