Php www-data program that creates a crontab and calls a C program that executes root commands to copy it into crontabs and install it

From Wiki2
Revision as of 15:00, 31 December 2013 by Tim (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Here's an example of a crontab that does something every minute 

#m h md m wd user command
* * * * * /bin/echo " siteNoHstilloobar $(date) " >> /usr/local/docs/testcron.txt

you can see in testcron.txt and know its running from cron by seeing it in the log by running 

root@server1 ~# tail /var/log/syslog

refp from Stackoverflow had a prg to execute-root-commands-via-php So I could put commands in wrapper.c and they would execute with root permissions. This allowed me to replace the user:sitebuil crontab and install it. Did this and put wrapper.c and installCron (the compiled version) here 

root@server1 sitebuil/scripts# gcc wrapper.c -o installCron

wrapper.c <syntaxhighlight lang="c">

  1. include <stdlib.h>
  2. include <sys/types.h>
  3. include <unistd.h>

int main (int argc, char *argv[]) {setuid (0); 

/* WARNING: Only use an absolute path to the script to execute,
 *          a malicious user might fool the binary and execute
 *          arbitary commands if not.
 * */
system ("cp /usr/local/docs/newSitebuilCron /var/spool/cron/crontabs/sitebuil");
system ("/usr/bin/crontab -u sitebuil /var/spool/cron/crontabs/sitebuil");
return 0;

} </syntaxhighlight> This create a crontab file and installs it from php www-data http://pathboston.com/zstill/wwwcron.php <syntaxhighlight lang="php"> <?php //testfile to have ph create a newSitebuilCron file and replace /var/spool/cron/crontab/sitebuil $fp = fopen('/usr/local/docs/newSitebuilCron', 'w'); fwrite($fp, '#m h md wd user cmd'.PHP_EOL. '* * * * * /bin/echo " first line $(date) " >> /usr/local/docs/testcron.txt'.PHP_EOL. '* * * * * /bin/echo " second line $(date) " >> /usr/local/docs/testcron.txt'.PHP_EOL ); fclose($fp); echo 'it ran'; //wrapper.c compiled -> installCron prog that runs as anybody but executes root commands //copying usr/local/docs/newSitebuilCron to /var/spool/cron/crontab/sitebuil //and then installing the sitebuil crontab exec('/home/sitebuil/scripts/installCron'); ?> </syntaxhighlight> This is a bit of what is in the testcron.txt file 

 first line Sat Jan  5 15:09:01 EST 2013 
 second line Sat Jan  5 15:10:01 EST 2013 
 first line Sat Jan  5 15:10:01 EST 2013 
 second line Sat Jan  5 15:11:01 EST 2013 
 first line Sat Jan  5 15:11:01 EST 2013 
 second line Sat Jan  5 15:12:01 EST 2013
Retrieved from "https://wiki2.sitebuilt.net/index.php?title=Php_www-data_program_that_creates_a_crontab_and_calls_a_C_program_that_executes_root_commands_to_copy_it_into_crontabs_and_install_it&oldid=6808"