no setuid for CGI scripts?
robin at jessikat.fsnet.co.uk
Mon Nov 5 13:04:27 CET 2001
In article <4b4c5d99.0111050348.6d7c9406 at posting.google.com>, pawn
<NOSpawnPAM at lightspawn.org> writes
>I'm trying to convert a few simple CGI scripts from Perl to Python,
>and was shocked to learn that the Python interpreter silently ignores
>the setuid bit.
>I really don't know how to get around this. Since the server is hosted
>remotely I can't recompile python to allow setuid, and I can't make my
>files world read/writable - I need my python CGIs to run with MY uid.
>I read somewhere about using a wrapper C program but it seems really
>convoluted, as well as requiring a different wrapper for each CGI.
>Is there any solution, or should I stick to / am I stuck with Perl?
If you can get a wrapper program onto your machine it's as easy as this
(at least for freeBSD)
here wrapper is a program that you create to be setuid in your
my code for the wrapper looks like below. I only allow it to work for
the owner and the nobody user.
#define SRCUID 1234 /*our UID so we can do things ourselves*/
#define NOBID 65535 /*another possible ID (nobody*)/
#define TGTUID 1234 /*the desired run UID*/
#define TGTGID 7890 /*the desired run group*/
#define TGTUSER "myusername"
#define TGTHOME "/usr/home/" TGTUSER
int main(int argc, char**argv)
size_t i, n=0;
n = getuid();
if(n!=NOBID && n!=SRCUID) exit(-1);
for(i=1;i<argc;i++) n += strlen(argv[i]);
buf = malloc(n+argc+1);
*buf = 0;
if(i>1) strcat(buf," ");
More information about the Python-list