[fpc-pascal] Login CGI
Andreas K. Foerster
AKF at AKFoerster.de
Tue Oct 16 19:37:26 CEST 2001
On Tue, Oct 16, 2001 at 02:54:54PM +0200, Cyril Lamy wrote:
> > If you want to have root privileges, simply make the CGI program
> > setuid root.
> > But don't blame me, if someone kills your system!
>
> It is very dangerous to run a cgi script as root.
> Any hole in the cgi can be an entry point to break your system.
I just forgot the smiley.
> I recently made a web interface to create unix accounts on a server:
> You have a form that requires the username and a password to create
> the corresponding account.
> This page is protected by a .htaccess (the server is running apache).
>
> When you validate the form, the cgi creates a file containing the username
> and the plain password (not very sure, of course, but more secure than
> running cgi as root).
You could make it more secure if you do this:
chmod('filename', 0);
Then only root can read the file.
> Then, every ten minutes, the cron daemon executes a program that has the
> setuid set to root, and this program
> reads the file created by the cgi, verifies the data and then creates unix
> accounts.
>
> This method is not 100% secure but it shows you how to avoid cgi running as
> root.
Very good idea.
Thanks!
--
Tschuess
Andreas
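
Added example, not part of the original messages: a Free Pascal sketch of the spool-file hand-off discussed above, where the CGI side creates the file with mode 0 in one step and the root cron side checks the file and the username before acting. The path, the username rule and the ownership check are assumptions made for illustration.

```pascal
program SpoolDemo;
{$mode objfpc}{$H+}
uses BaseUnix;

const
  SpoolFile: string = '/tmp/newaccount.demo';  // constructed path (assumption)

// CGI side: create the request file with mode 0 from the start, so there is
// no window between creating it and a later chmod in which others can read it.
function WriteRequest(const Path, User, Pass: string): Boolean;
var
  fd: LongInt;
  line: string;
begin
  // O_EXCL fails if the name already exists, including as a symlink.
  fd := fpOpen(Path, O_WRONLY or O_CREAT or O_EXCL, 0);
  if fd < 0 then Exit(False);
  line := User + ':' + Pass + #10;
  Result := fpWrite(fd, line[1], Length(line)) = Length(line);
  fpClose(fd);
end;

// Root side (cron job): accept only a conservative account name (assumed rule).
function ValidUserName(const S: string): Boolean;
var
  i: Integer;
begin
  Result := (Length(S) >= 1) and (Length(S) <= 32) and (S[1] in ['a'..'z']);
  for i := 2 to Length(S) do
    if not (S[i] in ['a'..'z', '0'..'9', '_', '-']) then Result := False;
end;

// Root side: use lstat so a symlink is rejected, and require a regular file
// owned by the expected uid with no group/other permission bits.
function SpoolFileTrusted(const Path: string; ExpectedUid: TUid): Boolean;
var
  st: Stat;
begin
  Result := (fpLStat(Path, st) = 0) and fpS_ISREG(st.st_mode)
    and (st.st_uid = ExpectedUid) and ((st.st_mode and &077) = 0);
end;

begin
  fpUnlink(SpoolFile);  // clear leftovers from an earlier demo run
  if not WriteRequest(SpoolFile, 'alice', 'constructed-secret') then Halt(1);
  WriteLn('spool file trusted: ', SpoolFileTrusted(SpoolFile, fpGetUid));
  WriteLn('"alice" accepted: ', ValidUserName('alice'));
  WriteLn('"bad name;" accepted: ', ValidUserName('bad name;'));
  fpUnlink(SpoolFile);
end.
```

In the real setup the cron job would pass the web server's uid as ExpectedUid; the demo uses the current user's uid so it runs without privileges.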