Hi,
On 19 Jan 2019, at 10:44, Bob Brewer ipfire-devel@grantura.co.uk wrote:
Michael Tremer wrote:
Can someone point me in the right direction for peeking unbound statistics from perl/cgi scripts? I’ve tried sudo-ing (I’d rather not, for security reasons), separate bash scripts and qx/backticks, they all seem to fail with exit code 256 which seems to be a permission problem. Running anything from an SSH session obviously succeeds, because then I have all the rights I need.
Depending how fit you are with C, you can build such a “setuid binary” yourself. There is plenty of inspiration here:
I had the same problem when porting the IPCop Banish addon to IPFire because the setuid binary program that was bundled with the original Banish addon did not run on a lot of the hardware I was using for testing.
As a workaround I added my update command to /etc/sudoers as nobody ALL=NOPASSWD: /your/command/here so it can be run from the cgi with sudo.
I suspect that this has security implications so use at your own risk.
https://git.ipfire.org/?p=ipfire-2.x.git;a=tree;f=src/misc-progs;h=a1a3f2c9c...
But since you have said that you are not a developer, this might be a little bit hard :) Let me know where I can help out.
Thank you for the links Michael this should be the way I should go with Banish. I'll see if get something compiled for my prog.
I still think you should have a look at my last email on this. It might make sense to integrate that functionality into the firewall engine that we have which will save you a lot of coding of things that are already there.
Best, -Michael
HTH
Rob