K
Kristina Clair
Hi,
I have a perl script running suid root (thus running in taint mode), and
I'm trying to execute a shell command. Usually I do this using
backticks so I can get the output, and usually it is not a problem.
However, in this instance I am trying to execute a python script, and
the python script does not seem to be running as root, but as the apache
user.
Interestingly, using system() changes this and the python script runs
appropriately as root. But, I'm having the following problems:
- if I use system("/python/command args") then the python script
executes appropriately but the output from the python script is being
sent to httpd and i'm getting an internal server error due to malformed
headers
- if I use system("/python/command args >/dev/null") perl does not like
this at all and it seems to not only not execute the python script, but
it runs the perl script again from the beginning (!?!?!?!)
So I'm very confused by this behavior. Does anyone have any ideas about
what is going on? What is the difference between using backticks and
system() in terms of how the perl script is calling the python script?
And is there a way for system() to be happy but not send output to httpd?
Thanks for any help.
Kristina
I have a perl script running suid root (thus running in taint mode), and
I'm trying to execute a shell command. Usually I do this using
backticks so I can get the output, and usually it is not a problem.
However, in this instance I am trying to execute a python script, and
the python script does not seem to be running as root, but as the apache
user.
Interestingly, using system() changes this and the python script runs
appropriately as root. But, I'm having the following problems:
- if I use system("/python/command args") then the python script
executes appropriately but the output from the python script is being
sent to httpd and i'm getting an internal server error due to malformed
headers
- if I use system("/python/command args >/dev/null") perl does not like
this at all and it seems to not only not execute the python script, but
it runs the perl script again from the beginning (!?!?!?!)
So I'm very confused by this behavior. Does anyone have any ideas about
what is going on? What is the difference between using backticks and
system() in terms of how the perl script is calling the python script?
And is there a way for system() to be happy but not send output to httpd?
Thanks for any help.
Kristina