Re: remote invocation for any user



On Jan 7, 6:57 pm, Tim Greer <t...@xxxxxxxxxxxxx> wrote:
james.bruckm...@xxxxxxxxx wrote:
Hello perl gurus,

I have a big problem with the following program:
DCC.pl
...
$cmd = "ssh  operator\@192.168.12.12 /usr/local/bin/CCD.pl $IP $user
\n";
system($cmd);

It works perfectly, for the operator user. It invokes on another box
the specified program CCD.pl with the correct parameters. Both boxes
are Sun running Solaris 8 and openssh. and I have ran ssh-keygen -t
rsa to generate pub and private keys and used these to enusre that ssh
works without a password.

The two parameters are entered by the user in a GUI over which I dont
have a lot of control.

The _big_ problem is that lots of different users need to log into the
GUI and this remote invocation only works for the operator user.

If you have an idea on a possible solution then please post it!!

TIA

James

How is it failing for the other (non operator) users?  Did you test this
from a non operator user's shell to rule out this being a Perl related
issue?  Are you sure you don't want to enclose the command and
arguments in double quotes for the ssh call?  Are you sure you want to
allow any user access to blindly pass a command over a trusted SSH key
to another server, where your code looks like it'll allow them to break
out of that command and pass other commands and arguments?  I.e.,
"/pah/to/program argument; /bin/rm -rf /" (as an example).  I hope
you're doing some sanity and security checks if you are going to let
just anyone enter commands and arguments.
--
Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting.  24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!- Hide quoted text -

- Show quoted text -

Thanks for your interest!
How is it failing for the other (non operator) users?
It just hangs the gui.
Did you test this from a non operator user's shell to rule out this being a Perl related issue?
I did invoke DCC.pl from the shell that hangs too.
Are you sure you don't want to enclose the command and arguments in double quotes for the ssh call?
hmmm backslashed double quotes, it would neeed I guess, I could do
that, but it works OK without, at least for the operator user.
Are you sure you want to allow any user access to blindly pass a command over a trusted SSH key to another server,
Good question, but yes I am sure, users dont normally have access to
the command line, and if they had baad intent as a non-root user they
could pose more of a risk on the originating box than the target box -
and actually there is only a few users - and they are the good
guys ;-).
so I really do want any user to be able to use the functionality.
.