[vox-tech] Running a suid root perl script
Mike Simons
vox-tech@lists.lugod.org
Tue, 06 May 2003 16:47:24 -0400
--xUq7mlTLx96rFlBf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, May 05, 2003 at 01:43:34PM -0700, Ken Herron wrote:
> My guess is that you're being tripped up by the real ID being different=
=20
> from the effective ID.
Ken,
You are correct, ssh used the real ID to select the user name and
directory to find the local key... that is fixed.
> However, would recommend you implement this process in another way. First=
=20
[...all good points... local root is not needed, remote root is probably
not needed, if ssh is used a remote command should be specified for the
key, the remote command should be a wrapper around the real work
scripts, ... all so that malicious local users can't mess things up.]
> Personally I wouldn't have the user launching ssh interactively at all.=
=20
> I'd probably just write the mail to a file in a directory somewhere, then=
=20
> use a cron job to periodically copy the directory contents to the remote=
=20
> system.
How about having the users bounce the mail message with headers to=20
bogofilter@site.internal
then having scripts on the mail server deal with adding the spam details=20
to its filtering system?
--=20
GPG key: http://simons-clan.com/~msimons/gpg/msimons.asc
Fingerprint: 524D A726 77CB 62C9 4D56 8109 E10C 249F B7FA ACBE
--xUq7mlTLx96rFlBf
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+uB9c4Qwkn7f6rL4RAn7SAJ9KrC6/4minJq544jiv7dtF5M9+AACdFXIa
WbFEDA3J4Yje1pgCNi0qbMo=
=awwa
-----END PGP SIGNATURE-----
--xUq7mlTLx96rFlBf--