[Asterisk-Users] vmail.cgi: -rwsr-sr-x as root *still* won't read the files

Tzafrir Cohen tzafrir at cohens.org.il
Sun May 1 08:37:58 MST 2005


On Thu, Apr 28, 2005 at 11:43:57PM -0500, Brian Capouch wrote:
> I'm running Apache as "nobody."  Wondering why the SUID vmail.cgi script 
> still can't read my files; it comes with the bits set SUID, which I 
> thought would do the trick.
> 
> It works just fine if I make the files in the maildir world-readable.
> 
> Thanks.  No clues in the archives nor Wiki that appear germane.

Apache's suexec will not run suid scripts. It will also not run scripts as root.
It has a strict checklist (specified in its docs) that it checks the
target script against before executing it. If the script fails one of those
requirements, you'll see a note in suexec's logs.

Linux in general will not run SUID scripts (executables whose magic is 
'#!') as some race conditions will allow you to abuse this to run 
arbitrary commands as the target user.

Anyway, asterisk should not be running as root. It should be running 
under its own, separate user. That's what the switch -U is for.
And now you only have to find a way to run that script as that asterisk
user.

-- 
Tzafrir Cohen         | tzafrir at jbr.cohens.org.il | VIM is
http://tzafrir.org.il |                           | a Mutt's  
tzafrir at cohens.org.il |                           |  best
ICQ# 16849755         |                           | friend
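
The conditions named in the reply above can be checked mechanically on a cgi-bin directory. The following is an added example, not part of the original post and not code from Asterisk or Apache: a POSIX shell function that flags setuid/setgid files, notes when such a file is a '#!' script (where Linux ignores the bit), and flags root ownership. The names `check_cgi` and `demo` and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag CGI files that hit the
# problems described above. Findings are printed one per line.

check_cgi() {
    f=$1
    [ -f "$f" ] || return 0

    # A file whose first two bytes are '#!' is run through an interpreter.
    magic=$(dd if="$f" bs=2 count=1 2>/dev/null)

    # -u and -g test the set-user-ID and set-group-ID mode bits.
    if [ -u "$f" ] || [ -g "$f" ]; then
        if [ "$magic" = '#!' ]; then
            # Linux ignores these bits on '#!' scripts, so the script still
            # runs as the web server user.
            echo "$f: suid-script (bit has no effect)"
        else
            echo "$f: suid-binary"
        fi
        # Per the post, suexec refuses setuid targets either way.
        echo "$f: suexec-rejects-setuid"
    fi

    # Numeric owner is field 3 of 'ls -ln'; uid 0 means the target is root.
    owner=$(ls -ln "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then
        echo "$f: root-owned (suexec will not run scripts as root)"
    fi
    return 0
}

# Constructed sample: a throwaway directory with one setuid '#!' script and
# one ordinary script, standing in for a cgi-bin.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hi\n' > "$d/suid.cgi"
    printf '#!/bin/sh\necho hi\n' > "$d/plain.cgi"
    chmod 4755 "$d/suid.cgi"
    chmod 0755 "$d/plain.cgi"
    for f in "$d"/*.cgi; do check_cgi "$f"; done
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the findings for the constructed files, or source it and call `check_cgi` on each file in a real cgi-bin.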


