From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Guidelines for creating a C Program launched by a WebGUI page.
Date: Thu, 16 Jan 2025 21:18:47 +0000
Message-ID: <78FC350D-EED0-4255-BC5C-1E4E31142003@ipfire.org>
In-Reply-To: <EDB740E3-EC57-48D6-8DE7-B29D8C16D82C@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4333065794527832216=="
List-Id: <development.lists.ipfire.org>

--===============4333065794527832216==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Jon,

The reason why we are using the C helper programs is to elevate privileges to=
 the root user.

The web UI itself is running as an unprivileged user, but certain actions can=
 only be executed as root; for example launching a service.

Ideally as many actions as possible will be executed as a non-privileged user=
. In your case, downloading the lists comes to mind as well as modifying the =
configuration files. For those actions, you don=E2=80=99t need root privilege=
s and therefore not a helper binary.

> On 16 Jan 2025, at 18:07, jon <jon.murphy(a)ipfire.org> wrote:
>=20
> Hello,
>=20
> I am creating a C program for use with the RPZ project and I need your help.
>=20
> Right now there is a rpz.cgi WebGUI.  And it calls the following commands:
>=20
> ```
> &General::system('touch', "$CUSTOMLISTS_CONF"); }
> &General::system_output('/usr/sbin/rpz-config', 'list');
> &General::system('/usr/sbin/rpz-config', 'remove', $action_key, '--no-reloa=
d');
> &General::system('/usr/sbin/rpz-config', 'add', $name, $url, '--no-reload');
> &General::system('/usr/sbin/rpz-make', 'allowblock', '--no-reload');
> &General::system('/usr/sbin/rpz-config', 'reload');
> &General::system('/usr/local/bin/unboundctrl', 'restart');
> ```
>=20
> What determines which of these require a `rpzctrl.c`? =20

See above. I hope I could describe it well.

> Are there guidelines for `xyz-ctrl.c` programs?

There is lots. Because they can be launched by nobody and will run as root, t=
hey cannot do much. They cannot freely accept command line arguments and inte=
rpret those, but they can accept predetermined actions like =E2=80=9Cstart=E2=
=80=9D, =E2=80=9Cstop=E2=80=9D, =E2=80=9Crestart=E2=80=9D. The simpler, the b=
etter.

> I am guessing "touch, chown, chmod" do not require a C program but I don=E2=
=80=99t know "why". =20

That depends. If you are are touching files that are in a directory that nobo=
dy can write to, then there is no problem.

If you want to create files in a directory that is not owned by nobody you wi=
ll need to be root. Chmod and chown are also operations that require root per=
missions - usually.

>=20
> ```
> [root(a)ipfire tmp] # file /usr/bin/touch
> /usr/bin/touch: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynami=
cally linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 5.4.0, s=
tripped
>=20
> [root(a)ipfire tmp] # file /bin/chown
> /bin/chown: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamicall=
y linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 5.4.0, strip=
ped
>=20
> [root(a)ipfire tmp] # file /bin/chmod
> /bin/chmod: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamicall=
y linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 5.4.0, strip=
ped
> [root(a)ipfire tmp] #=20
> ```

To run any of these operations, you don=E2=80=99t need to run a shell command=
. You can do this in Perl.

> Is it because these are already compiled programs?
>=20
> So my ask is: what determines the items required in a `rpzctrl.c` type prog=
ram?

If you need to become root.

Hope this helps.

-Michael

> Best regards,
> Jon
>=20


--===============4333065794527832216==--