[Linux-disciples] suid/rcs/perl difficulties
Adam Rosi-Kessel
adam at rosi-kessel.org
Mon Aug 1 22:31:19 EDT 2005
I'm trying to figure out setuid/perl/RCS issues. The help-rcs mailing
list <http://lists.gnu.org/mailman/listinfo/help-rcs> has had nothing but
spam postings for a few months, so I figure that's not going to be a
productive place to ask.
My perl CGI script runs setuid (better to be me than www-data).
It uses rcs to check files in and out. This must be done through system
calls--I'm using librcs-perl, but librcs-perl is still using system() to
run rcs.
The problem is that rcs checks files out as www-data, not me. So once
they are checked out, they are no longer writable by the setuid perl
script, because the perl script is running as me and the file is owned
by www-data.
I don't quite understand why this happens--shelling out to `whoami`
indicates the shell is me. I even set the real user to the effective user
($< = $>) prior to the RCS call, but RCS still insists as checking out to
www-data.
Am I going about this the wrong way? Any suggestinos where to ask this
question?
--
Adam Rosi-Kessel
http://adam.rosi-kessel.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.bostoncoop.net/pipermail/linux-disciples/attachments/20050801/3d95903d/attachment.pgp
More information about the Linux-disciples
mailing list