|
|
发表于 2003-12-5 14:31:56
|
显示全部楼层
前因後果
http://www.dwheeler.com/secure-p ... O/avoid-setuid.html
------------------------------------------------------------------
7.6. Avoid Creating Setuid/Setgid Scripts
Many Unix-like systems, in particular Linux, simply ignore the setuid and setgid bits on scripts to avoid the race condition described earlier. Since support for setuid scripts varies on Unix-like systems, they're best avoided in new applications where possible. As a special case, Perl includes a special setup to support setuid Perl scripts, so using setuid and setgid is acceptable in Perl if you truly need this kind of functionality. If you need to support this kind of functionality in your own interpreter, examine how Perl does this. Otherwise, a simple approach is to ``wrap'' the script with a small setuid/setgid executable that creates a safe environment (e.g., clears and sets environment variables) and then calls the script (using the script's full path). Make sure that the script cannot be changed by an attacker! Shell scripting languages have additional problems, and really should not be setuid/setgid; see Section 10.4 for more information about this.
http://www.open.com.au/catool/faq.html
------------------------------------------------------------------
5. When I try to run catool on RedHat EL, I get an error about "Can't do setuid"
Some version of Linux are shipped without the suidperl support package, which allows catool ti run as setuid.
This will result in a browser error wghen you try to access the catool program, and an error in the web server log, something like this:
Can't do setuid
[Mon Oct 6 05:18:30 2003] [error] [client 210.49.153.39] Premature end of script headers: /var/www/cgi-bin/catool
You should install suidperl. RPM binaries of perl-suidperl are available |
|
IP卡
狗仔卡
发表于 2003-12-5 12:41:55
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主