
PHP and the 's' bit

Hi,

I've got the following problem with PHP5.0 :

index.php:
----------
<?php

system("./whoami.pl");

?>

whoami.pl:
----------
#!/usr/bin/perl
system("whoami");

This works perfectly, and the system outputs 'www'.

------------------------------

Now, I want to create a little C wrapper around whoami.pl to run it as
root (the program has the SUID bit set):

#include <unistd.h>

#define TARGET "./whoami.pl"

int main(int argc, char **argv)
{
    /* try to become root; the return values are not checked */
    setuid(0);
    seteuid(0);
    /* replace this process with the Perl script */
    execv(TARGET, argv);
    return 1; /* only reached if execv() failed */
}

So, this is my directory tree:

-rwsr-x--- 1 pro www 4529 Sep 28 16:20 whoami
-rwx------ 1 pro pro 1829 Sep 28 15:38 whoami.pl

When I NOW do system("./whoami"), it won't work. Nothing gets into my
logs either :(. Apache runs as user/group www so it should be able to
start the program whoami, right?!
Is there any restriction in running scripts/programs with the S bit set?

Thanks in advance,
Remco Bressers
Jul 17 '05 #1
3 Replies


On Wed, 29 Sep 2004 00:46:06 +0200, "R. Bressers" <no****@nomail.no> wrote:
> I've got the following problem with PHP5.0 :
>
> index.php:
> ----------
> <?php
> system("./whoami.pl");

There's a facility for getting the return code, this may be useful to find the
problem.

> ?>
>
> whoami.pl:
> ----------
> #!/usr/bin/perl
> system("whoami");
>
> This works perfectly, and the system outputs 'www'.
>
> ------------------------------
>
> Now, I want to create a little C wrapper around whoami.pl to run it as
> root (the program has the SUID bit set):
>
> #define TARGET "./whoami.pl"
>
> main(argc, argv)
> char **argv;
> {
> setuid(0);
> seteuid(0);
> execv(TARGET, argv);
> }
>
> So, this is my directory tree:
>
> -rwsr-x--- 1 pro www 4529 Sep 28 16:20 whoami

If you want this to run as root, surely it needs to be owned by root, not pro?

> -rwx------ 1 pro pro 1829 Sep 28 15:38 whoami.pl
>
> When I NOW do system("./whoami"), it won't work. Nothing gets into my
> logs either :(. Apache runs as user/group www so it should be able to
> start the program whoami, right?!
> Is there any restriction in running scripts/programs with the S bit set?


--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #2

Andy Hassall wrote:
> On Wed, 29 Sep 2004 00:46:06 +0200, "R. Bressers" <no****@nomail.no> wrote:
>
>> I've got the following problem with PHP5.0 :
>>
>> index.php:
>> ----------
>> <?php
>> system("./whoami.pl");
>
> There's a facility for getting the return code, this may be useful to find the
> problem.

Do you know what function to use for this?

>> ?>
>>
>> whoami.pl:
>> ----------
>> #!/usr/bin/perl
>> system("whoami");
>>
>> This works perfectly, and the system outputs 'www'.
>>
>> ------------------------------
>>
>> Now, I want to create a little C wrapper around whoami.pl to run it as
>> root (the program has the SUID bit set):
>>
>> #define TARGET "./whoami.pl"
>>
>> main(argc, argv)
>> char **argv;
>> {
>> setuid(0);
>> seteuid(0);
>> execv(TARGET, argv);
>> }
>>
>> So, this is my directory tree:
>>
>> -rwsr-x--- 1 pro www 4529 Sep 28 16:20 whoami
>
> If you want this to run as root, surely it needs to be owned by root, not pro?

That's right. I tried that, but it doesn't work :(
Thanks,
Remco

>> -rwx------ 1 pro pro 1829 Sep 28 15:38 whoami.pl
>>
>> When I NOW do system("./whoami"), it won't work. Nothing gets into my
>> logs either :(. Apache runs as user/group www so it should be able to
>> start the program whoami, right?!
>> Is there any restriction in running scripts/programs with the S bit set?


Jul 17 '05 #3

R. Bressers wrote:
> Hi,
>
> I've got the following problem with PHP5.0 :
>
> index.php:
> ----------
> <?php
>
> system("./whoami.pl");
>
> ?>
>
> whoami.pl:
> ----------
> #!/usr/bin/perl
> system("whoami");
>
> This works perfectly, and the system outputs 'www'.
>
> ------------------------------
>
> Now, I want to create a little C wrapper around whoami.pl to run it as
> root (the program has the SUID bit set):
>
> #define TARGET "./whoami.pl"
>
> main(argc, argv)
> char **argv;
> {
> setuid(0);
> seteuid(0);
> execv(TARGET, argv);
> }

setuid 0... run as root. You don't have permission to do this, so the
program will fail. The program is setuid, so it will run as pro.

You do not need to setuid to run whoami. The setuid bit runs the program
with the effective owner of the program, i.e. as pro. It is not running as
setgid, so for this purpose the group ownership is irrelevant (the fact
that it is executable as group www means that an attempt will be made to
run it by apache as it has permission).

man 2 setuid will give you more info.

Steve

> So, this is my directory tree:
>
> -rwsr-x--- 1 pro www 4529 Sep 28 16:20 whoami
> -rwx------ 1 pro pro 1829 Sep 28 15:38 whoami.pl
>
> When I NOW do system("./whoami"), it won't work. Nothing gets into my
> logs either :(. Apache runs as user/group www so it should be able to
> start the program whoami, right?!
> Is there any restriction in running scripts/programs with the S bit set?
>
> Thanks in advance,
> Remco Bressers

Jul 17 '05 #4
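
An added example, not code from any poster in this thread: the wrapper from the question with the return values of setuid() and execve() checked, so a failed privilege change is reported on stderr instead of passing silently. The absolute TARGET path, the become() helper and the fixed PATH value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical absolute path; the thread's wrapper used the relative "./whoami.pl". */
#define TARGET "/usr/local/libexec/whoami.pl"

/* Try to become `uid`. Returns 0 on success, or the errno value on failure
 * after reporting the real and effective IDs the process had at that point. */
static int become(uid_t uid)
{
    if (setuid(uid) != 0) {
        int err = errno;
        fprintf(stderr,
                "setuid(%ld) failed: %s (real uid %ld, effective uid %ld)\n",
                (long)uid, strerror(err), (long)getuid(), (long)geteuid());
        return err;
    }
    return 0;
}

int main(void)
{
    /* Fixed argument list and a minimal environment: nothing supplied by
     * the caller (argv, PATH, ...) is handed on to the privileged script. */
    char *const args[] = { TARGET, NULL };
    char *const env[]  = { "PATH=/usr/bin:/bin", NULL };

    /* With effective uid 0, setuid(0) sets the real, effective and saved
     * IDs, so no separate seteuid(0) is needed. It fails with EPERM when
     * the set-uid binary is owned by an ordinary user such as pro. */
    if (become(0) != 0)
        return 1;

    execve(TARGET, args, env);
    /* execve() only returns on failure. */
    fprintf(stderr, "execve(%s) failed: %s\n", TARGET, strerror(errno));
    return 127;
}
```

The exit status (1 or 127) is what the return code mentioned in reply #2 would carry back to the PHP caller.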
