Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
You should be aware that processing web forms with a program that has root privileges is very insecure. There's probably a better way to accomplish what you want. If you'd explain what you want to do, I'm sure someone would find a more secure way to set things up.
You should be aware that processing web forms with a program that has root privileges is very insecure. There's probably a better way to accomplish what you want. If you'd explain what you want to do, I'm sure someone would find a more secure way to set things up.
Regards,
Lotharster
What I'm trying to do is create the ability on my website for users to signup for their own email accounts online. That process requires root privileges.
It's not as gloomy as you paint it. As long as the submitted data is sanitized before being used on a command, I don't see the danger.
Let's say the command to add a new email address is:
{mail server home}/bin/vadduser web_data
where web_data is the email address submitted from the web.
What's the worse that could happen?
The user could submit a login name like "newaccount ; /usr/bin/rm -rf /". Of course, it's easy to defend against this when you're aware of it. But sanitizing the submitted data against every possible attack (especially the ones you don't know about) is really hard.
What I#d do is set up sudo. You can specify that the apache user may only execute certain commands as root, and can even configure passwordless access.
I would suggest not trying to reinvent a (flawed from the start) wheel but look into existing SW. It saves you headaches and prolly a server and in return you also get a (hopefully) tried and tested tool, support, etc, etc. There must be packages for just doing that on Freshmeat and Sourceforge.
What about chrooting the apache environment, and let apache run as root.
Or even better setup your mail system to run as the apache user (or some other non privileged user)?
I have no idea of what mail system you're using, but that's probably the way I would have tried to solve it...
I see your point here. However, newaccount ; /usr/bin/rm -rf / clearly won't be acceptable as an email address. An email address has a narrow definition of acceptable characters.
So, while your point is good in general, in my particular case, it doesn't apply.
So, once again, I ask:
If I run as root
{mail server home}/bin/vadduser web_data
where web_data is the email address submitted from the web. What's the worse that could happen?
I would suggest not trying to reinvent a (flawed from the start) wheel but look into existing SW. It saves you headaches and prolly a server and in return you also get a (hopefully) tried and tested tool, support, etc, etc. There must be packages for just doing that on Freshmeat and Sourceforge.
What about chrooting the apache environment, and let apache run as root.
Or even better setup your mail system to run as the apache user (or some other non privileged user)?
I have no idea of what mail system you're using, but that's probably the way I would have tried to solve it...
I'm looking into this idea. I'm not formally trained in Linux, so everybody's input is a major help. Thanks to you all.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
