Re: SELinux vs BackupPC web interface

John Summerfield wrote:

I take it the script begins
   #!/usr/bin/sperl

Change it to
   #!/usr/bin/perl
and see what you see.


No, it begins   #!/usr/bin/perl
but it needs to run suid to access the backups.

   [~] 11) l -lZ /var/www/cgi-bin/BackupPC/
   -rwsr-x---  backuppc apache system_u:object_r:httpd_sys_script_exec_t:s0 BackupPC_Admin*


I think your phrase "fix properly" means you need to learn how to write a local policy to allow it.


This same script worked in FC6.

There's been some tension (to my mind at least) between Linux[1] (setuid is ignored with scripts)

It is ignored in shell scripts because Linux does not provide the capability of running them securely (i.e. noticing the setuid status is not atomic with the file open so you have a race condition where you can replace the file).

and perl (stuff Linux, we're going to do setuid scripts).

Perl provides its own mechanism for executing setuid perl scripts, but it is packaged separately in fedora. You have to install the perl-suidperl package if you want the feature.

[1] I don't think Linux is alone here.

What I have done, in Debian and without selinux, where I want CGI to do root stuff is to authorise it without passwords via sudo,

Is there some reason to think this is better than the methods provided by apache or perl?

--
  Les Mikesell
   lesmikesell@xxxxxxxxx

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
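
Added example, not part of the original message or thread: a Python audit for the situation discussed above. It lists setuid files under a directory and separates `#!` scripts, where the kernel ignores the bit so it only takes effect through a helper such as suidperl, from native binaries. The function names, file names and sample contents are constructed for illustration.

```python
import os
import stat
import tempfile

def classify(mode, head):
    """Classify one file from its st_mode and first bytes (None = unreadable)."""
    if not (stat.S_ISREG(mode) and mode & stat.S_ISUID):
        return "not-setuid"
    if head is None:
        return "setuid-unreadable"
    if head.startswith(b"#!"):
        # Interpreter script: the Linux kernel does not honour setuid here,
        # so any privilege change depends on the interpreter (e.g. suidperl).
        parts = head[2:].split(b"\n", 1)[0].split()
        interp = parts[0].decode("utf-8", "replace") if parts else "?"
        return "setuid-script:" + interp
    return "setuid-binary"

def scan(root):
    """Return {path: classification} for every setuid regular file under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode   # lstat: do not follow symlinks
            except OSError:
                continue
            if not (stat.S_ISREG(mode) and mode & stat.S_ISUID):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(256)
            except OSError:
                head = None                     # still report it, flagged
            found[path] = classify(mode, head)
    return found

def demo():
    """Constructed sample directory with two mode-4750 files."""
    samples = {"sample_admin.cgi": b"#!/usr/bin/perl\nprint 1;\n",
               "sample_helper": b"\x7fELF\x02\x01\x01"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(body)
            os.chmod(p, 0o4750)                 # -rwsr-x--- as in the listing
        return {os.path.basename(k): v for k, v in scan(d).items()}

if __name__ == "__main__":
    for name, kind in sorted(demo().items()):
        print(f"{kind:32} {name}")
```
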