schweini has asked for the wisdom of the Perl Monks concerning the following question:
Hi, all
I vaguely remember that suidperl (couldn't find its website, By the way?) was littered with security problems, and was (planned to be?) discontinued.
Yet, now i have to allow some CGI-invoked processes to be able to execute some perl scripts that really should be suid root, so my plan was to allow apache to call these scripts via sudo, and tell sudo not to prompt for a password.
additionally, the called scripts will (hopefully) do some additional checks regarding who called them when and how to determine whether everything's fine, and they wont take any arguments (just to avoid any potential pitfalls).
would somehting like that be 'secure enough', or is there some more elegant way to let CGI-scripts somehow do administrative work on a machine? how does webmin do this?
thanks,
-schweini
I vaguely remember that suidperl (couldn't find its website, By the way?) was littered with security problems, and was (planned to be?) discontinued.
Yet, now i have to allow some CGI-invoked processes to be able to execute some perl scripts that really should be suid root, so my plan was to allow apache to call these scripts via sudo, and tell sudo not to prompt for a password.
additionally, the called scripts will (hopefully) do some additional checks regarding who called them when and how to determine whether everything's fine, and they wont take any arguments (just to avoid any potential pitfalls).
would somehting like that be 'secure enough', or is there some more elegant way to let CGI-scripts somehow do administrative work on a machine? how does webmin do this?
thanks,
-schweini
Back to
Seekers of Perl Wisdom