usr bin perl use strict use POSIX qw setuid strftime umask 066 my minU

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/usr/bin/perl
use strict;
use POSIX qw( setuid strftime);
umask 066;
my $minUID = 10000;
my $maxUID = 20000;
my %trusted = map { $_ => 1 } qw( root www hosttest );
my $user = $ARGV[0];
my $caller = getpwuid( $< );
unless( $trusted{$caller} ) {
die "Permission denied for user $caller\n";
}
die "Usage: $0 user command\n" unless( $user );
my ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam( $user );
die "User '$user' not found" unless( $name );
die "User '$name' is not a webhosting user\n" unless( $comment eq 'cgiuser' || ($uid >= $minUID && $uid <= $maxUID) );
setuid( $uid );
my $path = $ARGV[1];
my $type = $ARGV[2];
system "/bin/sh /web/hosttest/val $path $type";