suid perl alternatives
2012-01-03 19:41:01.005274+00 by
Dan Lyke
4 comments
So apparently, somewhere between Ubuntu 11.10 and the Perl community, perl-suid has disappeared. What's the modern accepted alternative if you want to, say, have a CGI script (run from Apache as www-data) write data to a directory (like an image upload)?
I had been piping in to a suid Perl script whose job it was to do the security and data integrity checks before writing the file. Do I now build a C wrapper to do this?
[ related topics:
Free Software Interactive Drama Perl Open Source Writing Heinlein Community hubris
]
comments in ascending chronological order (reverse):
#Comment Re: made: 2012-01-04 02:46:49.653399+00 by:
spc476
It's what I would do. And it wouldn't have to be very much C code. Pretty much just a call to exec() and set the suid bit on the program.
#Comment Re: made: 2012-01-04 03:04:27.66618+00 by:
Dan Lyke
Yeah. In fact my Perl program was kind of structured that way, it loads a library in which all of the real development is done so that I don't actually have to tweak the file in question.
Just a pain in the ass.
#Comment Re: made: 2012-01-04 11:20:54.703683+00 by:
John Anderson
Maybe I don't understand exactly what you're trying to do, but wouldn't it be easier to just chown the
directory to www-data? (Or do the same with group-write permissions?)
#Comment Re: made: 2012-01-04 14:23:40.365443+00 by:
Dan Lyke
The directory gets written from enough different processes that although I could do chmod a+w, it seems much smarter to me to have something that gets a token, and that verifies that what gets put in the directory is indeed a JPEG, and all the thumbnails and such get created appropriately.