Bug #22890 CLI setuid scripts don't run setuid
Submitted: 2003-03-26 03:27 UTC Modified: 2003-03-26 09:38 UTC
From: gavin at itmerge dot com Assigned:
Status: Not a bug Package: CGI/CLI related
PHP Version: 4.3.1 OS: Linux 2.4.18
Private report: No CVE-ID: None
 [2003-03-26 03:27 UTC] gavin at itmerge dot com
/* my sample script is */
 
#!/usr/local/bin/php
<?php
echo posix_getmyeuid()."\n";
?>

/*
root#chown root.vhost /scripts/myscript
root#chmod 4710 /scripts/myscript
root#useradd -u 1001 gavin
root#usermod gavin -G vhost
root#logout
gavin$/scripts/myscript
1001
gavin$

I had to create /usr/local/bin/setuid_php
and chmod 4710 it to be able to make my php scripts run setuid root (I'm not a perl person, I don't know if perl supports setuid, but I know scripts that I pass thru /bin/zsh support setuid)

I don't really like having that script there :0
because A, I'm learning, but I'm learning quickly
that the more "permissions" you have the
more you're likely to get a stuck up the rear end
and essentially that lets anyone become god on my system who might find it. I think I'm going to go move it outside of /usr/local/bin right now


*/


 [2003-03-26 04:05 UTC] gavin at itmerge dot com
whoops spelt posix_geteuid(); wrong :P
 [2003-03-26 09:36 UTC] edink@php.net
Modern kernels on Unix and Unix-like operating systems simply ignore set uid bit on shebang scripts (those that begin with #!).

Some interpreters (like perl) choose to implement workarounds, but if you really need to make a script suid, it is very easy to achieve this with a simple C wrapper program.

There are no plans to implement any perl-like workaround in PHP at the present time.
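
A sketch of the kind of C wrapper mentioned above, added here as an example; it is not code from this thread or from the PHP project. Unlike a general-purpose setuid interpreter, it is pinned to one script, passes no caller-controlled arguments or environment, and refuses to run files that others could modify. The two paths are the ones from the report; `script_is_trusted()` is a hypothetical helper name.

```c
/* Added example, not PHP project code. PHP_BIN and SCRIPT are the paths
 * from the report; script_is_trusted() is a hypothetical helper. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define PHP_BIN "/usr/local/bin/php"
#define SCRIPT  "/scripts/myscript"

/* Return 1 only if path is a regular file (not a symlink) owned by `owner`
 * that group and others cannot write. Anyone able to edit the file would
 * otherwise inherit the wrapper's uid. */
int script_is_trusted(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    if (!S_ISREG(st.st_mode)) return 0;
    if (st.st_uid != owner) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

int main(void)
{
    /* Fixed, minimal environment: nothing set by the caller (PATH, LD_*,
     * PHPRC, ...) reaches the privileged interpreter. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    /* -n: do not load php.ini. The caller's argv is deliberately dropped. */
    char *const argv[] = { PHP_BIN, "-n", SCRIPT, NULL };

    if (!script_is_trusted(SCRIPT, geteuid()) || !script_is_trusted(PHP_BIN, 0)) {
        fprintf(stderr, "wrapper: refusing to run an untrusted file\n");
        return 1;
    }
    /* Make the real ids match the effective ones so the script runs with a
     * single, unambiguous identity. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("wrapper: setuid");
        return 1;
    }
    execve(PHP_BIN, argv, envp);
    perror("wrapper: execve");   /* reached only if exec failed */
    return 127;
}
```

The setuid bit goes on the compiled wrapper (for example with the `root.vhost` ownership and `4710` mode the report applied to the script), not on the script or on a copy of the PHP binary. The directories holding the wrapper, the script and the interpreter must also be writable only by root, since the ownership check does not cover them.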
 [2003-03-26 09:38 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

The uid of the binary, which is PHP, is what matters; the script's uid does not matter since it is a parameter.
 [2010-06-13 03:21 UTC] php at richardneill dot org
In 2003, the response was:
  "There are no plans to implement any perl-like workaround in PHP at the
  present time."

Might I request that, 7 years later, and with much increased use of php as a general-purpose scripting language, it might be worth re-visiting this?
 