Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] PHP-Majordomo to execute commands on demand?
  • From: Ralf Koch <info@xxxxxxxxxx>
  • Date: Sun, 27 Jan 2002 03:46:49 +0100
  • Message-id: <PM-DB.20020127034649.7360E.1.1D@xxxxxxxxxxxxx>
Hi Leonel,

I did it the following way:

I run a small Perl daemon w/ root rights listening to a TCP Port on the
loopback device. On my Apache-SSL are some PHP scripts you can acces
after authentication (also done from PHP script on the HTTPS server.
The PHP scripts start a small communication sequence to show the Perl
daemon, that they are allowed to access (kind of protocol). After this,
the PHP scripts are allowed to send commands to be executed w/ root
rights from the daemon w/ a simple system() call.

The "features" of this solution are:
- The Perl daemon is only accessible via loopback device
- You have to know the "protocol" of the daemon
- The WebServer can be a standard Apache w/ SSL, running as which user
you want it to
- You don't have to play w/ suid, sudo etc. and ned not to toggle rights

Same can be done w/ a special alias for your mail transport program,
piped to a script which checks and prepares the mail and writes the
needed content to a file. Then a daemon running as root checks e.g. every
minute if this file exists and executes the content.

Have fun,

Ralf

PS: I use it with an Apache listening to my internal network only (for
administration), because I don't trust myself if this configuration is
really secure, and I don't need to do things remotely w/o SSH.



>Hi everybody
>
>Im trying to improve security by making the minimal
>services to run on a 7.2 server, now, my question is
>how to make services run and stop on demand, like ssh
>or inetd. Is possible to make.. say a web page under
>ssl to launch and stop such services? or maybe a
>majordomo mail with the apropriate password? the idea
>is to have ONLY apache and sendmail running all the
>time, nothing more, then, run ftpd or ssh as needed,
>then stop it.
>Thanks
>
>__________________________________________________
>Do You Yahoo!?
>Great stuff seeking new owners in Yahoo! Auctions!
>http://auctions.yahoo.com
>
>--
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>


< Previous Next >
References