Running CGIs under my uid - going slowly insane.
pawn
NOSpawnPAM at lightspawn.org
Fri Feb 1 18:26:25 EST 2002
bash$ chmod 755 test.cgi
bash$ lynx -dump http://(domain)/cgi-bin/test.cgi
65534 65533
bash$ chmod 4755 test.cgi
bash$ lynx -dump http://(domain)/cgi-bin/test.cgi
65534 65533
as for the OS:
bash$ -uname
FreeBSD addr12.addr.com 4.4-STABLE FreeBSD 4.4-STABLE #0: Thu Nov 8
17:07:35 PST 2001
root at addr24.addr.com:/usr/src/sys/compile/ADDRKERN i386
I was first alerted to the problem by the CGI's refusal to read/write
certain files of mine which are not world read/writeable.
PS: nothing to do with this, but I'm even more outraged by the fact
that addr.com seem to have a support policy that states 'if you can't
solve the problem, don't answer at all'. I've seen that a couple of
other places too, never in writing of course.
Jonathan Hogg <jonathan at onegoodidea.com> wrote in message news:<B88081C5.40F9%jonathan at onegoodidea.com>...
>
> Are you sure the scripts aren't running as you? How are you testing this?
>
> Note that setting an executable's setuid bit will change the "effective" uid
> of the resulting process, not the uid (see 'os.get*e*uid()' above). This
> means that the process may use that user's permissions.
>
> The webserver doesn't contain a Python interpreter does it? Perhaps it's
> directly executing the scripts instead of 'exec'ing them?
>
> Jonathan
More information about the Python-list
mailing list