Question about c wrapper for a python cgi project.
Ignacio Vazquez-Abrams
ignacio at openservices.net
Mon Sep 3 20:39:12 EDT 2001
On Mon, 3 Sep 2001, Wayne Ringling wrote:
> I have been researching a way to somehow run a script in a c wrapper as
> root. I have created a python script to alter the password and shadow files
> to add,delete,change users for an online community project my group is
> working on. Can someone point me to a reference/how to about how I can do
> this. I have created a session persistent cookie/database system to monitor
> state between pages and login/logout. I just need a way to run the script
> as root securely. Or is that just a pipedream? I would love to entertain
> any other ideas on how I can do this.
>
> Wayne
You said "run as root" and "securely" in the same sentence relating to CGI.
You're funny!
There is no way to make it entirely secure, but you can start by getting the
script that changes the password OUT of any directory directly-accesible by
the web server. Then make a script that verifies EVERYTHING about the
information (i.e., minimum uid, length of password, etc.) and then, and _only_
then, should you call the other script (which has been made suid root, and
possibly sgid root) to do the changes.
--
Ignacio Vazquez-Abrams <ignacio at openservices.net>
More information about the Python-list
mailing list