Can't run passwd from Perl CGI

Status
Not open for further replies.

msc0tt

IS-IT--Management
Jun 25, 2002
281
CA
Within my Perl CGI, I need to check the status of an arbitrary user account. This is done with the Linux command "/usr/bin/passwd -S jdoe". The blog warning is: "You may not change the password for jdoe." The CGI completes, so I do get my webpage (less the status info I need). My script runs SUID root (by means of a wrapper).

My line in the script is:
`/usr/bin/passwd -S $login`
I've cleared the PATH with:
$ENV{"PATH"} = "";
I've synced with realUID and effectiveUID with:
$< = $>;
I've untainted the $login variable ("jdoe") with:
$login =~ /(.+)/; $login = "$1";

Anyone been here before?
-Mike
 
Your webserver user probably does not have permissions to do operations against the passwd file, at least if it's configured half-way securely it won't.

Giving remote users access to system level resources is never a happy thing.

If you run it as root from the command line it probably works, right?
 
You are right that the webserver user can't perform passwd operations - that's why an SUID wrapper runs the Perl CGI. Also, the CGI is password (Apache-level) protected AND only runs on our IntraWeb. It is a sysAdmin page for my IT team only. (None of this is relevant to my problem, but wanted to address your security advice :-{).
Finally, I'm not able to run this from the command line to check. This section of the cgi only runs when invoked from a form within the same cgi (recursive call).
 
Even with SUID I don't think you will be able to run this passwd command.

Take this section of code, slap it in a text file and try to run it as root. Then try to run it as your webserver user, see if they act the same. If they do, it's NOT a permissions problem; otherwise it is.

 
Hahahaa....
Yet some more debugging has solved my problem. The first instance was SUID root, but the recursive calls were not! Why? Well, in my POST form, the ACTION was calling the actual Perl cgi, and NOT the SUID wrapper! Silly oversight -sheesh!!
Thanks for the help.
-Mike
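
An added example, not code from the thread: one way to harden the invocation from the first post, with an allowlist untaint in place of `/(.+)/`, a list-form pipe open instead of backticks, and an effective-UID check that would have flagged the wrapper bypass found in the last post. The account-name pattern, the sub names and the sample `passwd -S` line are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Fixed, minimal environment for the child (taint mode refuses a tainted PATH).
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Allowlist untaint: the capture succeeds only for a conservative account-name
# pattern (an assumption; adapt to local naming rules). \z, unlike $, also
# rejects a trailing newline. Returns undef for anything else.
sub untaint_login {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([a-z_][a-z0-9_-]{0,31})\z/ ? $1 : undef;
}

# First two fields of a `passwd -S` line are "<login> <status>"; the status
# codes vary between passwd implementations, so the field is returned as-is.
sub parse_status {
    my ($line) = @_;
    my ($name, $status) = split ' ', ($line // '');
    return ($name, $status);
}

sub account_status {
    my ($raw) = @_;
    my $login = untaint_login($raw);
    die "rejected login name\n" unless defined $login;
    # Stop early if the request did not come through the SUID wrapper.
    die "effective UID is $>, not 0: wrapper bypassed?\n" if $> != 0;
    $< = $>;    # same real/effective UID sync as in the original post
    # List-form pipe open: no shell, and $login is exactly one argv element.
    open(my $ph, '-|', '/usr/bin/passwd', '-S', $login)
        or die "cannot run passwd: $!\n";
    my $line = <$ph>;
    close($ph) or die "passwd failed (exit " . ($? >> 8) . ")\n";
    return parse_status($line);
}

# Constructed inputs, not from the thread.
for my $name ('jdoe', 'jdoe;x', '-S', "jdoe\nroot") {
    (my $shown = $name) =~ s/\n/\\n/g;
    printf "%-12s %s\n", $shown,
        defined(untaint_login($name)) ? 'accepted' : 'rejected';
}
print join(' ', parse_status("jdoe P 06/25/2002 0 99999 7 -1\n")), "\n";
print join(' ', account_status($ARGV[0])), "\n" if @ARGV;
```

Run without arguments it only exercises the validator and parser; given a login name as the first argument it calls `passwd -S` and dies with the effective UID if it is not running as root.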
 