XYZ has asked for the wisdom of the Perl Monks concerning the following question:

Hi, 1st time poster and perl newbie. I am writing an interface to change network settings on FreeBSD. I will need to read and write to rc.conf and resolv.conf, and execute /etc/netstart at the end for the new settings to take effect. However, I will need root access to 1) write to the 2 config files and 2) to execute /etc/netstart. Is there actually a safe way to do this through cgi? I have done some research and seems like setuid/setgid is not very safe and should not be done by a newbie like me. And I would rather not add 3rd party server side software. Thanks for any help or point in the right direction. update: is suExec what I am looking for? Is this more safe?

Replies are listed 'Best First'.
Re: running root command from cgi
by sauoq (Abbot) on Oct 31, 2003 at 00:21 UTC

    Why do you want to do this via a CGI interface?

    You could write a wrapper in C which execs your script and setuid the wrapper. Better might be to have the script call a setuid program that does the minimal amount necessary with root privs. Whatever you do, be extremely careful with user input. Run with tainting enabled (-T) and untaint the data very carefully.

    Better yet, just don't do this.

    -sauoq
"My two cents aren't worth a dime.";
[reply]
      Thanks for the quick reply. I am doing this so they can package the server as a product which allows the not so savvy users to change network configurations. Is suExec a viable option? Please advise. Thanks in advance.
[reply]
        a product which allows the not so savvy users to change network configurations.
        When will they write software that will allow alcoholics to drive beer delivery trucks? ;)

        Plankton: 1% Evil, 99% Hot Gas.
[reply]
Re: running root command from cgi
by jasonk (Parson) on Oct 31, 2003 at 01:32 UTC

    suExec is carefully constructed to prevent exactly what you are trying to do. sudo would be a better option, have the cgi run as whatever user the webserver normally runs it as and configure (very carefully) sudo to allow that script to run only the commands it needs to in order to modify the files and restart networking. If I were planning to do something like this, I would probably modify the config files so the web server can write to them, configure sudo so it can run netstart, and not worry about trying to run the script itself as root (which is an overwhelmingly bad idea)

    We're not surrounded, we're in a target-rich environment!
[reply]
Re: running root command from cgi
by archen (Pilgrim) on Nov 01, 2003 at 02:12 UTC
    I am doing this so they can package the server as a product which allows the not so savvy users to change network configurations.

    Um... is allowing users to screw up the method in which they update the server a good idea? Just a thought ;)

    I would recommend something like Jasonk is talking about. But to give a few more ideas in the pool.

    make a script that will do the actual editing and restart netstart. Using taint mode is an absolute must! Because you're on FreeBSD modifying the config is actually pretty easy. All you need to do is append the delta's to the end of rc.conf, so the relevent information like ip address, mask and such should be pretty easy to check. Make this script SUID root, and make sure that the only thing it will execute is /etc/netstat. Then put this script somewhere safe, that is; somewhere where apache will certainly not be able to see it.

    Then make a second script to be the "web interface". Again taint checking is a must. Then use the first script to pass parameters to the second script. Just make sure that you are extremely strict on what input is allowed, and careful in what you write to rc.conf, make sanity checks at both ends and you should be fine.

    You can also include files in rc.conf. Which might be a little safer than risking wacking the entire file. Just use the shell include syntax:

    . /path/to/file

[reply]

Back to Seekers of Perl Wisdom