From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Peeking at unbound statistics from WUI
Date: Mon, 21 Jan 2019 10:51:33 +0000 [thread overview]
Message-ID: <1CDB6253-28CE-470A-8DF7-340F11C0D067@ipfire.org> (raw)
In-Reply-To: <q1uv1k$5cr$1@tuscan3.grantura.co.uk>
[-- Attachment #1: Type: text/plain, Size: 1811 bytes --]
Hi,
> On 19 Jan 2019, at 10:44, Bob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
>
> Michael Tremer wrote:
>
>>> Can someone point me in the right direction for peeking unbound
>>> statistics from perl/cgi scripts? I’ve tried sudo-ing (I’d rather not,
>>> for security reasons), separate bash scripts and qx/backticks, they all
>>> seem to fail with exit code 256 which seems to be a permission problem.
>>> Running anything from an SSH session obviously succeeds, because then I
>>> have all the rights I need.
>>
>> Depending how fit you are with C, you can build such a “setuid binary”
>> yourself. There is plenty of inspiration here:
>>
> I had the same problem when porting the IPCop Banish addon to IPFire because
> the setuid binary program that was bundled with the original Banish addon
> did not run on a lot of the hardware I was using for testing.
>
> As a workaround I added my update command to /etc/sudoers as
> nobody ALL=NOPASSWD: /your/command/here
> so it can be run from the cgi with sudo.
>
> I suspect that this has security implications so use at your own risk.
>
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=tree;f=src/misc-progs;h=a1a3f2c9ca75d8077a6f3d122b7a5e7ffaa71432;hb=HEAD
>>
>> But since you have said that you are not a developer, this might be a
>> little bit hard :) Let me know where I can help out.
>>
>
> Thank you for the links Michael this should be the way I should go with
> Banish. I'll see if get something compiled for my prog.
I still think you should have a look at my last email on this. It might make sense to integrate that functionality into the firewall engine that we have which will save you a lot of coding of things that are already there.
Best,
-Michael
>
> HTH
>
> Rob
>
next prev parent reply other threads:[~2019-01-21 10:51 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-18 15:03 Michael Tremer
2019-01-19 10:44 ` Bob Brewer
2019-01-21 10:51 ` Michael Tremer [this message]
2019-01-21 11:50 ` Bob Brewer
2019-01-21 10:28 Bob Brewer
2019-01-21 11:02 Michael Tremer
2019-01-21 11:35 ` Tom Rymes
2019-01-21 11:38 ` Michael Tremer
2019-01-22 14:16 Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1CDB6253-28CE-470A-8DF7-340F11C0D067@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox