From 9257e15f5ec6d8029bd98361f23535aa333850b8 Mon Sep 17 00:00:00 2001
From: Egor Tensin <Egor.Tensin@gmail.com>
Date: Sat, 27 Feb 2021 16:00:11 +0300
Subject: Python server can now be run as root

If run as root, the server queries all the users.
---
 cgi-bin/get.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100755 cgi-bin/get.sh

(limited to 'cgi-bin/get.sh')

diff --git a/cgi-bin/get.sh b/cgi-bin/get.sh
new file mode 100755
index 0000000..ea4f4ce
--- /dev/null
+++ b/cgi-bin/get.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o pipefail
+
+script_dir="$( dirname -- "${BASH_SOURCE[0]}" )"
+script_dir="$( cd -- "$script_dir" && pwd )"
+readonly script_dir
+
+# Python's http.server runs CGI scripts under user nobody.
+# This is not what we want unfortunately.
+# The best solution I could find so far is to create an entry in
+# /etc/sudoers.d, allowing the nobody user to run the real scripts w/ sudo.
+if [ "$( id --user --name )" == nobody ]; then
+    sudo --non-interactive --preserve-env "$script_dir/get.py"
+else
+    "$script_dir/get.py"
+fi
-- 
cgit v1.2.3