System command via CGI not working....but should

Hello,

I am trying to get a CGI script to run a system command.....for example

system('/usr/sbin/adduser larry') == 0 or die "User was not added: $?";

I have this line in a script and have set Apache to be run as root (don't 
worry, all this is being done on a test box...I know the security risks) and 
I get an error from adduser that it cannot lock the password file.

Very strange because.....on another box I have the same code working!

The code that is working is below.......

First index.cgi is called


----------INDEX.CGI----------

#!/usr/bin/perl

push (@INC, "/usr/local/interface/server");

require 'cgi-lib.pl';
require 'stub.pl';

exit;

----------END INDEX.CGI---------

Very straightforward so far.....all the action takes place in stub.pl.

---------STUB.PL-------------

# Input Variables:
#
# "zone" -- the zone we're working with.
# "query" -- the kind of query we're making.
# "recordnum" -- the line number of the record to manipulate
# "confirmed" -- confirmed a request we sent
# "host" -- The hostname or IP address to work with
# "record" -- The type of record to work with
# "data" -- Any extra arguments

# Included Functions:
#
# "findroot" -- Find the root named directory.
#	From:  common.pl
# "findzone" -- Find the zone file of a specified zone
#	From:  common.pl
# "getlocalip" -- Gets the local IP address.
#	From:  common.pl
# "getlocalhost" -- Gets the local host.
#	From:  common.pl
# "excludeblock" -- Excludes a block of text.
#	From:  blockmanip.pl

# Unique Functions
# "printzone" -- print out a zone
#	Uses: &findzone
#	Output:  Prints out the requested zone.
#	Returns:  Nothing.
# "delrecord" -- print out a zone, except a specified line
#	Uses: &findzone, $recordnum
#	Output:  Zone file, minus the specified line.
#	Returns:  Nothing.
# "finddomains" -- Find the domains hosted on the machine
#	Uses: $zone
#	Output:  Domains hosted according to /etc/named.conf.
#	Returns:  Nothing.
# "delzone" -- Searches /etc/named.conf, and removes a zone from it
#	Uses: $zone
#	Output:  Prints out the zone, minus the specified line.
#	Returns:  Nothing.
# "addzone" -- Attempts to add a zone.
#	Uses:  &findzone
# "addrecord" -- Attempts to add a record to a zone.
# "gettimeargs" -- Attempts to find the time configuration
# 	Uses:  &findzone
#	Returns:  Array of time arguments
# "incserial" -- Increments the serial number
#	Uses:  &gettimeargs
#	Returns:  Current serial number + 1, or error code

@NEWINC = (
        "/usr/local/interface/server/include",
        "/usr/local/interface/server/templates",
        "/usr/local/interface/server/functions",
);

push(@INC, @NEWINC);

undef @NEWINC;

&ReadParse(*input);

if ((getpwuid($<))[0] ne 'nobody' || ( (getgrgid($())[0] ne 'shadow'
    && (getgrgid($())[0] ne 'nobody' ) )
{
  die "I will not function except as child of Apache!\n";
}

unless ($ENV{'REMOTE_USER'} && $ENV{'SERVER_NAME'})
{
        die "I will not function outside of a cgi context!\n";
}

require 'config.pl';
require 'getdtpwnam.pl';

sub comment { # insert hidden snide comments for debugging
	if ($debug)
	{
		 print "<!--\n\t@_  -->\n";
	}
}

# Begin main code.

# Redirect STDERR to STDOUT.
open(STDERR,">&STDOUT");
select STDERR; $| = 1;	# autoflush the selected handle

# Start printing out.
print "Content-type: text/html\r\n\r\n",
	'<BODY BGCOLOR="white">';

#print "Content-type: text/plain\r\n\r\n";

# Call the queried function.

$< = 0;
$> = 0;

unless ($ENV{'REMOTE_USER'} && $ENV{'SERVER_NAME'})
{
	die "I will not function outside of a cgi context!\n";
}

unless (
	(
	getdtpwnam($ENV{'REMOTE_USER'}))[1] eq $ENV{'SERVER_NAME'}
	)
{
	&comment("User \($ENV{'REMOTE_USER'}\) and Server Name \($ENV{'SERVER_NAME'}\) denied!.\n");
	print "Error!  Incorrect domain name attachment!\n";
	die "\tCannot verify secure user;  dying...\n";
}
else
{
	&comment("User \($ENV{'REMOTE_USER'}\) and Server Name \($ENV{'SERVER_NAME'}\) accepted.\n");
}

umask 022;

if ($input{'query'} =~ /(\S+)/)
{
	$query = $1;
}

unless ($query)
{
	die "No query specified, giving up...\n";
}
require "${query}.pl";

&$query;

1;
------------ END STUB.PL------------


Basically what happens is this script receives input from a form (ReadParse 
section) and then makes sure that it is a child of Apache and I believe the 
lines that do:

$< = 0;
$> = 0;

change the ownership of the process to the root user and group....(BTW on my 
system root is 0 in both /etc/passwd and /etc/group).  I THINK that is what 
this does, but PLEASE correct me if I'm wrong.

That being said, the process (that is, everything the script is doing from 
this point) *should* be operating as the root user, correct?

Then the line:

umask 022;

if I understand correctly, makes sure that everything created by the process 
from this point on has the permissions 755.  (correct me if I'm wrong.)

Then the line

&$query;

executes whatever query the form specified.  For example, say the query is 
addaccount....the line would look like this:

&addaccount;

Now, once it gets into addaccount.pl...


----------ADDACCOUNT.PL-----------

require 'slurp.pl';
require 'append.pl';
require 'untaint.pl';
require 'encrypt.pl';
require 'checkin.pl';

if ($input{'query'} eq "addaccount")
{
	require 'listusers.pl';
	require 'listuser-template.pl';
}

sub addaccount {
	if ($input{'user'} =~ /\./)
	{
		&comment("Error:  No \".\" allowed in username.  It screws up chown.");
		print "Error:  No \".\" is allowed in usernames.\n";
		die;
	}
	if (getpwnam($input{'user'}))
	{
		&comment("Error:  User already exists... giving up in addaccount!\n");
		print "Error:  User already exists, giving up...\n";
		die;
	}
	unless ($input{'passwd'})
	{
		&comment("Error:  No password given... giving up in addaccount!\n");
		print "Error:  No password given, giving up...\n";
		die;
	}
	unless ($input{'shell'})
	{
		&comment("No shell specified, defaulting to $defaultshell\n");
		$input{'shell'} = "$defaultshell";
	}
	unless ($input{'home'})
	{
		&comment("No home specified, defaulting to ${defaulthome}${input{'user'}}\n");
		$input{'home'} = "$defaulthome" . "$input{'user'}";
	}

	my($passwd) = &encrypt($input{'passwd'});

	$ENV{'PATH'} = "";

	$input{'user'} = &untaint($input{'user'});
	$input{'home'} = &untaint($input{'home'});
	$input{'shell'} = &untaint($input{'shell'});
	$passwd = &untaint($passwd);

	&comment("Adding Account for $input{'user'}:\n\tHome:\t\t\t$input{'home'}\n\tShell:\t\t\t$input{'shell'}\n\tEncrypted Password:\t$passwd\n");
	&checkin("/etc/passwd", "added new user with \"$adduserpath $input{'user'} -d $input{'home'} -m -s $input{'shell'} -p $passwd\"");
	system "$adduserpath", "$input{'user'}", "-d", "$input{'home'}", "-m",
		"-s", "$input{'shell'}", "-p", "$passwd";

	&comment("Changing modes for the user's home directory to mode 711 \(+rwx,go-rw\)...\n");
	chmod 0711, $input{'home'};

	if ($input{'ftp'} eq "NO")
	{
		&comment("FTP access disallowed;  disabling FTP access.");
		&checkin($ftpusers, "Appended \"$input{'user'}\" to $ftpusers");
		&appendscalar($ftpusers,"$input{'user'}\n");
	}
	if ($input{'query'} eq "addaccount")
	{
		&generate_addaccount_dyn;
		&listusers;
	}
	return 1;
}

1;

---------END ADDACCOUNT.PL----------

Ok, don't worry about all the include files....the part that is giving me 
trouble is in this file.

system "$adduserpath", "$input{'user'}", "-d", "$input{'home'}", "-m", "-s", 
"$input{'shell'}", "-p", "$passwd";

Back to my original question, this line never executes.....probably because 
it doesn't have the proper permissions.....meaning the process is not being 
run as root.

The log shows an error message from adduser saying that it can't lock the 
file.

*****Keep in mind that the above code works on another server that someone 
else set up*******  I have done my best to duplicate the environment.

Now, on to how Apache is set up.......

First of all the box that is working is running it on Apache SSL and it is 
owned as nobody (user) and shadow (group)........tried this on the other 
box, but there is no shadow group setup and the shadow file is owned and 
grouped to root......so there shouldn't be a problem in my opinion.

I don't know what other information to include.

If you've made it this far, thanks for taking the time to see if you could 
help.

Any and all help is appreciated.

Please let me know if anyone can help.

Thanks,
Kevin
kevsurf7@hotmail.com
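
Added example (not part of the original post): a stand-alone Perl check of what the `$< = 0; $> = 0;` and `umask 022;` lines in stub.pl actually leave the process with. The sub names and the temporary directory are assumptions made for the example; it can be run as any user.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Real/effective IDs of this process. $( and $) hold space-separated
# GID lists; the first entry is the real / effective GID.
sub identity {
    my ($rgid) = split ' ', $(;
    my ($egid) = split ' ', $);
    return sprintf 'ruid=%d euid=%d rgid=%d egid=%d', $<, $>, $rgid, $egid;
}

# Same assignments as stub.pl, but checked. Assigning to $< or $> never
# dies: on failure the ID is unchanged and $! holds the reason.
sub try_become_root {
    local $! = 0;
    $< = 0;
    return "real UID not changed: $!" if $< != 0;
    $> = 0;
    return "effective UID not changed: $!" if $> != 0;
    return 'real and effective UID are now 0';
}

# Modes that result from a given umask. umask only clears bits from the
# mode the creating call asks for (0666 for open, 0777 for mkdir here).
sub modes_under_umask {
    my ($mask) = @_;
    my $old = umask $mask;
    my $dir = tempdir(CLEANUP => 1);    # scratch directory, removed at exit
    open my $fh, '>', "$dir/file" or die "open: $!";
    close $fh;
    mkdir "$dir/sub" or die "mkdir: $!";
    my $fmode = (stat "$dir/file")[2] & 07777;
    my $dmode = (stat "$dir/sub")[2] & 07777;
    umask $old;
    return sprintf 'file=%04o dir=%04o', $fmode, $dmode;
}

print 'before: ', identity(), "\n";
print try_become_root(), "\n";
print 'after:  ', identity(), "\n";
print 'umask 022: ', modes_under_umask(022), "\n";
```

Comparing the "before" and "after" lines on the working and the failing box shows whether the UID switch took effect and which group IDs the process still carries.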

kevsurf7
8/15/2001 5:16:08 PM
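
Added example, not from the original post or its code base: one way to replace the `require "${query}.pl"; &$query;` step in stub.pl with a fixed dispatch table, so the form value can only select a handler that was registered in advance. The handler subs and the sample query values are hypothetical stand-ins, constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical handlers standing in for addaccount.pl, printzone.pl, ...
sub addaccount { return 'addaccount handler ran' }
sub printzone  { return 'printzone handler ran' }

# The only queries the CGI will ever run. Anything not listed here is
# refused before any file is loaded or any sub is called.
my %DISPATCH = (
    addaccount => \&addaccount,
    printzone  => \&printzone,
);

sub dispatch {
    my ($query) = @_;
    return 'rejected: no query'
        unless defined $query && length $query;
    # Stricter than stub.pl's /(\S+)/: lowercase letters only, bounded length.
    return 'rejected: bad characters'
        unless $query =~ /\A[a-z]{1,32}\z/;
    my $handler = $DISPATCH{$query}
        or return 'rejected: unknown query';
    return $handler->();
}

# Constructed sample values for the "query" form field.
for my $q ('addaccount', 'printzone', 'delzone', 'some/other/file', '') {
    printf "%-20s => %s\n", "'$q'", dispatch($q);
}
```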
perl.beginners