HPE Community
Operating System - HP-UX
1820290 Members
3059 Online
109622 Solutions
New Discussion юеВ

Re: kill a process and get the output in the browser using perl

 
'chris'
Super Advisor

тАО07-27-2005 11:51 AM

тАО07-27-2005 11:51 AM

kill a process and get the output in the browser using perl

hi

I'd like to kill a process and get the output in the browser.
I have written this script, but it won't kill the process:

#!/usr/bin/perl -w

use strict;
use warnings;
use CGI;
my $query = new CGI;
use CGI::Carp qw(fatalsToBrowser);

my $process = "darkstat";
my $prog =$ARGV[0];

print $query->header;
print "\n";
print "\n";
print "stop darkstat\n";
print "\n";
print "\n";
print "
";

my $return = 'ps -eaf |grep $process |grep -v grep';

if ($return)
{ my $stop = system('killall -$return $prog 2>/dev/null');
if ($stop == -1)
{ print "failed to execute: $!\n";
} elsif ($stop & 127)
{ printf "darkstat was killed with signal %d, %s coredump\n", ($stop & 127), ($stop & 128) ? 'with' : 'without';
} else
{ printf "darkstat exited with value %d\n", $stop >> 8;
}
}

print "
";
print "";
print "";


knows someone what's wrong ?
0 Kudos
Reply
3 REPLIES 3
A. Clay Stephenson
Acclaimed Contributor

тАО07-27-2005 02:37 PM

тАО07-27-2005 02:37 PM

Re: kill a process and get the output in the browser using perl

It really has nothing to do with running in a browser and it has nothing to do with Perl. A process can only be killed by
a user whose effective UID matches that of the process or by a super-user. Only those processes owned by the user 'www' (if that is the effective user) can be killed. If the "killall" script is a setuid script it would scare me to death to have it launched by httpd. That is a security event waiting to explode.
If it ain't broke, I can fix that.
0 Kudos
Reply
'chris'
Super Advisor

тАО07-27-2005 09:13 PM

тАО07-27-2005 09:13 PM

Re: kill a process and get the output in the browser using perl

that's only an internal server.

this script doesn't work as root user from command line.
0 Kudos
Reply
Ralph Grothe
Honored Contributor

тАО07-28-2005 12:24 AM

тАО07-28-2005 12:24 AM

Re: kill a process and get the output in the browser using perl

So you aren't using taint checking?
That's why you can't see Perl choking ;-)

First killall, which seems to be a wrapper (as acustomed from Linux) round kill, expects that you pass it a signal you wish to send to procs (the string that's contained in $return).

I cannot distinguish exactly in my browser (the quotes don't come out very good),
but I guess you were using the wrong pair of quotes.
I guess you want to capture the output from the ps command in $return rather than assigning it a string.
You need to use backticks "`" or qx() for that.
Then $return is a bit of a misnomer.
I guess you meant $signal.
And $proc should hold the output from your external call of ps.

Even if your webserver was running as root
(viz. setting USER=root in httpd.conf)
and thus had sufficient power to shoot every process I must insist that your script would be extremely insecure.
It passes client input right to the shell because you stick to calling system() with a single argument.

Finally, why are you pulling in all the code from CGI.pm, and then not using its fine functions/methods to get CGI input, i.e. param().

I would strongly suggest throwing this code away and getting a good book on CGI in Perl
(e.g. the O'Reilly "Mouse" book would be a good starting point)
Madness, thy name is system administration
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.