2

I have an Ubuntu 12.04 custom board running Apache2. I have a web page which calls a CGI script that is responsible for starting and stopping the ipsec service. I access the web page from another machine in the local environment. The following is the CGI script that gets called when I press a simple button in the UI:

    root@localhost:~# busybox cat /usr/lib/cgi-bin/stop-IPSec.cgi
    #!/bin/bash
    echo "Content-type: text/html"
    echo ""
    echo "<html><head><title>Configure IP Address"
    echo "</title></head><body>"
    echo $(whoami)
    echo $(/etc/init.d/ipsec stop)
    echo $(su root /etc/init.d/ipsec stop)
    echo "</body></html>"

It gives me this output:

    www-data ipsec_setup: permission denied (must be superuser)

And the following line fails:

    echo $(su root /etc/init.d/ipsec stop)

And gives this error in apache error log:

    su: must be run from a terminal

And sudo is not available since I am running Ubuntu Core on the board, which I intend to use as a WiFi dongle. I want to stop the ipsec service, and that requires being root. How can this be achieved? Any pointers will make my day.

  • `chmod u+s` <-- look into it. – Chris S Nov 12 '14 at 15:42
  • @Chris: no change on `chmod u+s /usr/lib/cgi-bin/stopIPSec.cgi`. I have not created any virtual site, as in, my HTML pages are in the `/var/www/` folder. Could this be an issue? – Harsh Vardhan Nov 13 '14 at 06:30
  • I have learned that I can exploit an IPC mechanism and make a script listen as a server, and the CGI scripts can call that script as clients to execute the actual shell commands. For example, I can call startIPSec from my CGI script and the receiving script can execute the actual ipsec start, which requires the user to be superuser. The only thing is that I have to run that listening script with superuser permissions, and I have no experience in writing such scripts. Please let me know if this makes sense and if there are any links explaining this concept with an example. – Harsh Vardhan Nov 13 '14 at 07:03
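
The root-run listener described in the last comment could look like the following. This is an added example, not part of the original question or its comments; the FIFO path `/run/ipsec-ctl.fifo` and the `FIFO` / `INIT_SCRIPT` override variables are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Run as root (e.g. from an init
# script); the CGI script, running as www-data, only writes a word to the FIFO.
# Assumed names: the FIFO path and the FIFO/INIT_SCRIPT override variables.
FIFO="${FIFO:-/run/ipsec-ctl.fifo}"
INIT_SCRIPT="${INIT_SCRIPT:-/etc/init.d/ipsec}"

# Accept only the exact words "start" or "stop"; everything else is refused.
validate_request() {
    case "$1" in
        start|stop) printf '%s\n' "$1" ;;
        *) return 1 ;;
    esac
}

# Handle one untrusted line. The request text is never evaluated as shell
# code; only the validated keyword reaches the init script.
handle_request() {
    if action=$(validate_request "$1"); then
        if "$INIT_SCRIPT" "$action" >/dev/null 2>&1; then
            echo "ok $action"
        else
            echo "failed $action"
        fi
    else
        echo "rejected"
    fi
}

serve() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; exit 1; }
    rm -f "$FIFO"
    # root reads, group www-data may only write, others get nothing.
    mkfifo -m 0620 "$FIFO"
    chown root:www-data "$FIFO"
    while :; do
        # The open blocks until a client writes; one request per line.
        if IFS= read -r line < "$FIFO"; then
            handle_request "$line"
        fi
    done
}

if [ "${1:-}" = "--serve" ]; then serve; fi
```

With the helper started as root with `--serve`, the CGI script only needs `echo stop > /run/ipsec-ctl.fifo`. The write blocks if the helper is not running, and no status comes back over this one-way channel.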

0 Answers