Why would you see security warnings? You don't even need a wrapper. If you
write your program carefully, you can setuid it and it can be run by anyone,
including the webserver.
________________________________________
From: on behalf of frankvd99
Sent: Thursday, January 13, 2011 5:31 PM
To:
Subject: [ts-7000] Re: TS7500 DIO control while user is not root
I've studied your advise Jim,
I'm trying to control my application from a webserver. If I see all kinds of
security warning than this is not the thing that I want to do.
Frank
--- In Jim Jackson <> wrote:
>
>
>
>
> On Thu, 13 Jan 2011, frankvd99 wrote:
>
> > Hi Jonatan, Jim,
> > Thanks for your feedback.
> >
> > I've tried to do a chmod 666 on /dev/mem but that still does not solve
> > the problem. Also when I reboot the system the properties are set back to
> > 600
>
> ... I'm not surprised.
>
> > I find conflicting information when I google around on this topic. Some
> > are saying /dev/mem will give access to the memory from the user space.
> > Others are saying you need to create a driver to get access to it.
> >
> > To me it is strange that there are several examples from Technologic
> > Systems available but there is never a notice that you should run it as
> > root. ftp://ftp.embeddedarm.com/ts-arm-sbc/ts-7500-linux/samples/dio.c
>
> Probably they assume there users have sufficient Linux knowledge
>
> > Are there other users of the TS7500 board who have different properties
> > for /dev/mem? I've downloaded and installed debian linux from the
> > Technologic FTP site a few weeks ago. Apart from some network settings I
> > did not change a lot yet.
>
> You seem to have completely ignored my advice about using a setuid wrapper
> program. Seems you can't help some people <shrug>.
>
> >
> > --- In Jim Jackson <jj@> wrote:
> > >
> > >
> > >
> > >
> > > On Thu, 13 Jan 2011, frankvd99 wrote:
> > >
> > > > I have a TS7500 board and trying to control the digital IO lines from
> > > > Debian-linux on the sd-card.
> > > >
> > > > When running the script below as user "root" it works fine. When doing
> > > > the same thing as user eclipse (or any other user) I get below message.
> > > >
> > > >
> > > > #!/bin/sh
> > > > . /initrd/ts7500.subr
> > > > #
> > > > echo "IO value of pin 5:"
> > > > getdiopin 5
> > > > #
> > > >
> > > > Response when user root:
> > > > IO value of pin 5:
> > > > 1
> > > >
> > > > Response when user eclipse:
> > > > ts7500ctl: ts7500ctl.c: 771 main: Assertion 'dev/mem !=-1' failed
> > > >
> > > > I've traced this back to the ts7500ctl.c file which is trying to open
> > > > /dev/mem, which is not allowed.
> > > >
> > > > Is there another way how I can get this done. My goal is to run TS7500
> > > > digital IO control from a CGI script in the Apache webserver. Apache
> > > > does
> > > > not allow you to run it as root, so that is not a workaround.
> > >
> > > You need a setuid program - see [1] for an overview of permissions. I
> > > believe you are not supposed to make scripts setuid, because of a possible
> > > security hole, so you probably need a program "wrapper" for your
> > > script[2].
> > >
> > > Jim
> > >
> > > [1] http://www.zzee.com/solutions/linux-permissions.shtml
> > > [2] http://www.tuxation.com/setuid-on-shell-scripts.html
> > >
> >
> >
> >
>
------------------------------------
Yahoo! Groups Links
------------------------------------
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ts-7000/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/ts-7000/join
(Yahoo! ID required)
<*> To change settings via email:
<*> To unsubscribe from this group, send an email to:
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
|