From: Bob Brewer <ipfire-devel@grantura.co.uk>
To: development@lists.ipfire.org
Subject: Re: Peeking at unbound statistics from WUI
Date: Sat, 19 Jan 2019 10:44:03 +0000 [thread overview]
Message-ID: <q1uv1k$5cr$1@tuscan3.grantura.co.uk> (raw)
In-Reply-To: <FA7D5322-5550-4627-866D-02B6E3730E9D@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 1418 bytes --]
Michael Tremer wrote:
>> Can someone point me in the right direction for peeking unbound
>> statistics from perl/cgi scripts? I’ve tried sudo-ing (I’d rather not,
>> for security reasons), separate bash scripts and qx/backticks, they all
>> seem to fail with exit code 256 which seems to be a permission problem.
>> Running anything from an SSH session obviously succeeds, because then I
>> have all the rights I need.
>
> Depending how fit you are with C, you can build such a “setuid binary”
> yourself. There is plenty of inspiration here:
>
I had the same problem when porting the IPCop Banish addon to IPFire because
the setuid binary program that was bundled with the original Banish addon
did not run on a lot of the hardware I was using for testing.
As a workaround I added my update command to /etc/sudoers as
nobody ALL=NOPASSWD: /your/command/here
so it can be run from the cgi with sudo.
I suspect that this has security implications so use at your own risk.
> https://git.ipfire.org/?p=ipfire-2.x.git;a=tree;f=src/misc-progs;h=a1a3f2c9ca75d8077a6f3d122b7a5e7ffaa71432;hb=HEAD
>
> But since you have said that you are not a developer, this might be a
> little bit hard :) Let me know where I can help out.
>
Thank you for the links Michael this should be the way I should go with
Banish. I'll see if get something compiled for my prog.
HTH
Rob
next prev parent reply other threads:[~2019-01-19 10:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-18 15:03 Michael Tremer
2019-01-19 10:44 ` Bob Brewer [this message]
2019-01-21 10:51 ` Michael Tremer
2019-01-21 11:50 ` Bob Brewer
2019-01-21 10:28 Bob Brewer
2019-01-21 11:02 Michael Tremer
2019-01-21 11:35 ` Tom Rymes
2019-01-21 11:38 ` Michael Tremer
2019-01-22 14:16 Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='q1uv1k$5cr$1@tuscan3.grantura.co.uk' \
--to=ipfire-devel@grantura.co.uk \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox