Re: Using system call + wrapper?

From: Viktor Fougstedt <viktor(at)dtek(dot)chalmers(dot)se>
To: Richie <dugganr(at)student(dot)cs(dot)ucc(dot)ie>
Cc: pgsql-php(at)postgresql(dot)org
Subject: Re: Using system call + wrapper?
Date: 2001-02-26 17:28:47
Message-ID: Pine.GSO.4.10.10102261822020.12465-100000@peurifoy.dtek.chalmers.se
Lists: pgsql-php

On Mon, 26 Feb 2001, Richie wrote:

> It was suggested to me to use a wrapper that invokes a system call such as
> system('sudo upload.php -p password') that will run the program in sudo
> but I really don't know where to start with this??

You should never, ever, ever run CGI-/PHP-applications as root. And
running things as root is what sudo normally does. Is that what you're
contemplating?

If so, alter the owner of the directory instead so that your ordinary
CGI-/PHP-scripts may write to it. But be _very_ careful how you write your
code. Can anybody upload things? What happens when the filesystem gets
full? Also be very careful that you do not trust any data the user
supplies, especially not with the "system" call.

/Viktor...

--| Viktor Fougstedt, system administrator at dtek.chalmers.se |--
--| http://www.dtek.chalmers.se/~viktor/ |--
--| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--
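
An added example, not part of the original message or the thread: one way a PHP upload handler can address the points raised above (who may upload, a full filesystem, untrusted user data reaching a shell) while running as the ordinary web server user. The directory path, the limits, the `upload` form field name and the `$_SESSION['user_id']` login flag are assumptions made for illustration.

```php
<?php
// Hypothetical upload handler. No sudo, no root: UPLOAD_DIR is assumed to be
// owned by the account the web server already runs as.
const UPLOAD_DIR = '/var/www/uploads';   // assumed path
const MAX_BYTES  = 2 * 1024 * 1024;      // assumed per-file limit
const MIN_FREE   = 100 * 1024 * 1024;    // refuse uploads when the disk is nearly full

function fail(int $status, string $msg): void
{
    http_response_code($status);
    exit($msg);
}

session_start();

// Only logged-in users may upload (the login page setting this flag is assumed).
if (empty($_SESSION['user_id'])) {
    fail(403, 'Login required');
}

$file = $_FILES['upload'] ?? null;
if (!is_array($file) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'Upload failed');
}

// Confirm the temp file really came from this request, then bound its size.
$tmp = $file['tmp_name'];
if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
    fail(413, 'File too large');
}

// Stop before the filesystem fills up instead of failing half-way through a write.
$free = disk_free_space(UPLOAD_DIR);
if ($free === false || $free < MIN_FREE) {
    fail(507, 'Insufficient storage');
}

// Never reuse the client-supplied filename; generate one on the server.
$dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.bin';
if (!move_uploaded_file($tmp, $dest)) {
    fail(500, 'Could not store file');
}

// If an external program is needed, pass it only the server-generated path,
// quoted with escapeshellarg(); no request data is ever placed in the command.
exec('/usr/bin/file --brief ' . escapeshellarg($dest), $out, $rc);
echo $rc === 0 ? 'Stored: ' . htmlspecialchars($out[0] ?? '') : 'Stored';
```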
