write a PHP code to run some command as ROOT ???
I'm trying to write PHP code to run shel command, but there're some command I used must be run AS ROOT.
For example: Code:
shell_exec("ifconfig eth0 down"); Is there any solution ?? Help me. |
You can make a daemon that runs under root previlege and waits for a connection from localhost , then run the raw command
this by itself is a security hole |
Thanks, but is there another way that's more secure than make a daemon?
|
you can sit behind xinetd , most of daemons do like this
see man pages for inetd and xinetd but still I'm not sure about security I will search for this and will let you know if I find any solution , but keep searching Regards Arsham |
Thank you Arsham.
I think I can make it a daemon and wait for connection to run sepecific commands but password is required. And the web UI must also need username and password to access it. I may try to secure them by SSL. But I feel this solution is unsafe. So if there is better solution, please tell me soon. |
Kernel doesn't let you to post the root password , I mean you have to sit in front of the computer or ssh/telnet it and open a shell to login as root
you must limit the access of the daemon to localhost , for reson of security Regards |
Perhaps this would work... Write a script/program to run the command for you, set the owner to root and as root run chmod 4755 on it. This makes it run as the user who created it, i.e. root.
|
If you know what the commands are you could set them up in a sudoers file, and then get php to call the command via sudo.
|
I wrote a C program like this (for test only)
Code:
/* test.c */ Code:
$gcc -o test test.c Code:
$chmod +s test Code:
$test ifconfig eth0 down But when I run it by PHP Code:
<?php Why??? |
I added apache user to the sudoers too but it's no use!!!
Code:
%apache ALL=(ALL) NOPASSWD: ALL |
buddy
in your program , listen to a port , then after recieve the proper command , run the command via your daemon ( whick has root access ) then via PHP open a socket and send your command to the program which is listening regards |
I'm doing what you said.
Thanks bro |
it's a good thing nobody in this forum knows how to find tritong's webapp on the internet... it would be pwned in about 3 seconds
|
This web application is for testing purpose only. So, I'm not afraid of hacking.
|
All times are GMT -5. The time now is 09:33 PM. |