From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Peeking at unbound statistics from WUI Date: Mon, 21 Jan 2019 10:51:33 +0000 Message-ID: <1CDB6253-28CE-470A-8DF7-340F11C0D067@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2910932812414256370==" List-Id: --===============2910932812414256370== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, > On 19 Jan 2019, at 10:44, Bob Brewer wrote: >=20 > Michael Tremer wrote: >=20 >>> Can someone point me in the right direction for peeking unbound >>> statistics from perl/cgi scripts? I=E2=80=99ve tried sudo-ing (I=E2=80=99= d rather not, >>> for security reasons), separate bash scripts and qx/backticks, they all >>> seem to fail with exit code 256 which seems to be a permission problem. >>> Running anything from an SSH session obviously succeeds, because then I >>> have all the rights I need. >>=20 >> Depending how fit you are with C, you can build such a =E2=80=9Csetuid bin= ary=E2=80=9D >> yourself. There is plenty of inspiration here: >>=20 > I had the same problem when porting the IPCop Banish addon to IPFire becaus= e=20 > the setuid binary program that was bundled with the original Banish addon=20 > did not run on a lot of the hardware I was using for testing.=20 >=20 > As a workaround I added my update command to /etc/sudoers as > nobody ALL=3DNOPASSWD: /your/command/here > so it can be run from the cgi with sudo.=20 >=20 > I suspect that this has security implications so use at your own risk. >=20 >> https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dtree;f=3Dsrc/misc-progs;h= =3Da1a3f2c9ca75d8077a6f3d122b7a5e7ffaa71432;hb=3DHEAD >>=20 >> But since you have said that you are not a developer, this might be a >> little bit hard :) Let me know where I can help out. >>=20 >=20 > Thank you for the links Michael this should be the way I should go with=20 > Banish. I'll see if get something compiled for my prog. I still think you should have a look at my last email on this. It might make = sense to integrate that functionality into the firewall engine that we have w= hich will save you a lot of coding of things that are already there. Best, -Michael >=20 > HTH >=20 > Rob >=20 --===============2910932812414256370==--