Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

remote reboot

  • 29-01-2004 5:16pm
    #1
    Registered Users, Registered Users 2 Posts: 2,591 ✭✭✭


    hi all not sure if this the right place to put this but i'm writing a cgi script that will allow the user to remotely reboot a server (could be running windows or linux).. i'm new to perl and havent got a clue on how to go about this any help would be greatly appreciated
    i'm also using snmp as part of the script to retrive information about the device if thats any help to ye
    thanking you
    tommy


Comments

  • Closed Accounts Posts: 5,564 ✭✭✭Typedef


    remote user to reboot a server?

    Through a webserver?


    Why on earth would you want to breach system security like that?


  • Registered Users, Registered Users 2 Posts: 2,591 ✭✭✭tommycahir


    it a collage proj using snmp i trying to allow the usr enter the ip address and community name then send the reboot command i no that it can be done using ssh but that involves switching to su so i trying to find another way of doing it if poss perhaps a system call that forces system reboot..


  • Registered Users, Registered Users 2 Posts: 885 ✭✭✭clearz


    The following code will create a process on a win32 platform

    use Win32::Process;
    Win32::Process::Create($Process,
    "c:\\nt\\system32\\notepad.exe",
    "notepad",
    0,
    DETACHED_PROCESS,
    ".") || die "Create: $!";

    you could replace the path 'c:\\nt\\system32\\notepad.exe' with a program to reboot the server. I dont know much about perl so im not sure this will work.


  • Registered Users, Registered Users 2 Posts: 13,016 ✭✭✭✭vibe666


    i used to have an app that put a gui on the netsend command, and it also had a reboot command built into it. don't know if it would be any use to you though without the source.

    can't even remember the name now, but at least you know it's possible.


  • Registered Users, Registered Users 2 Posts: 2,591 ✭✭✭tommycahir


    tanx clearz for that ill have a bash at it at least i got something to start from..
    i still wrecking my head bout the unix one though any ideas ???? any body???


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 139 ✭✭soiaf


    Heres a few lines of (brutally rough) PERL I put together to show you how to remotely execute a command on a UNIX system.

    ####
    # start of code
    #

    #!/common/bin/perl

    print "Content-type: text/html\n\n";
    print "Should have created a file in /tmp called test.tst";

    @mytouch = ("/bin/touch", "/tmp/test.tst");
    system( @mytouch );

    #
    # end of code
    ###

    So the above would create an empty file in the /tmp directory.
    The file created would be owned by the nobody user (or whoever the owner of the web process is set to be).
    And there is one major problem for you. Unless you run the web process as root (or some other equivalent high-power user account), any CGI will be called with the permissions of the owner of the web process.
    But this would mean that all processes carried out by the web server will be done using this high-power account.
    But of course the whole idea of a PERL script doing a remote reboot is pretty shocking anyway.
    What might be (only slightly less troubling) a better idea is to keep the web server process running under a low level account as normal, and try to call a program using sudo (type sudo into google to find loads info about this command).
    With sudo you <might> be able to set it up that the nobody account (or whatever account the web server runs under) can call the reboot command (or the shutdown command) without having to pass a password (the usual method when using sudo).

    Hope this is of some help.


  • Registered Users, Registered Users 2 Posts: 139 ✭✭soiaf


    Just had another idea about this.
    Instead of trying to execute a command directly from the web process, you could try the following:

    * Write a simple piece of PERL (CGI) that, when the user calls it, will create a file, and put some content in that file. You would then have a cron process running that would check every minute if the file existed, and contained the correct content. If it did exist it would remove the file (or change the content of the file, or create another file - whatever) and then reboot the server.

    In this way the web process could run using its usual low privelege account, the cron job could be owned by a user with sufficient privileges to reboot.
    Still loads of security type issues with the above, but a bit better.

    Alternatively as you were talking about ssh, you might be able to use that with sudo to allow you to call a suitable reboot command with having to do an su.


  • Closed Accounts Posts: 5,564 ✭✭✭Typedef


    Why not just sudo a shell script?


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    But putting the user that the web server runs as, in /etc/sudoers is crazy! In fact this whole thread is crazy. Why would a college want you to do such a crazy thing. If it was executing some other command, like 'uname -a' i'd understand.. Well sort of, but wanting you to elevate privileges to reboot the machine.. That's just madness.


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    The NTRK contains a command similar to
    "shutdown \\COMPUTER" which could do it for you.

    I like flamey's idea. More secure obviously.


  • Advertisement
  • Closed Accounts Posts: 37 Arion


    I haven't tried this, but if you applied the stickey bit to the shutdown command, you could then use a bash cgi script.

    #!/bin/bash

    #Actually who cares if we do this or not, once the script
    #runs does it matter whether or not it outputs correct CGI headers, to return a webpage.
    echo -e "Content-type: text/html\n\n"

    /sbin/shutdown -r now

    I'd just however like to reiterate, that this sounds insane.

    Alternatively you could do the CGI in C, apply the stickey bit, call setuid(0), and setgid(0), and call it through exec*() -(which I haven't used in ages)


  • Closed Accounts Posts: 37 Arion


    I don't think security is much of a concern here. Allowing apache to reboot a web browser, is about as insecure, as you could get.


Advertisement