remote reboot

tommycahir

hi all not sure if this the right place to put this but i'm writing a cgi script that will allow the user to remotely reboot a server (could be running windows or linux).. i'm new to perl and havent got a clue on how to go about this any help would be greatly appreciated
i'm also using snmp as part of the script to retrive information about the device if thats any help to ye
thanking you
tommy

Typedef

remote user to reboot a server?

Through a webserver?


Why on earth would you want to breach system security like that?

tommycahir

it a collage proj using snmp i trying to allow the usr enter the ip address and community name then send the reboot command i no that it can be done using ssh but that involves switching to su so i trying to find another way of doing it if poss perhaps a system call that forces system reboot..

clearz

The following code will create a process on a win32 platform

use Win32::Process;
Win32::Process::Create($Process,
"c:\\nt\\system32\\notepad.exe",
"notepad",
0,
DETACHED_PROCESS,
".") || die "Create: $!";

you could replace the path 'c:\\nt\\system32\\notepad.exe' with a program to reboot the server. I dont know much about perl so im not sure this will work.

vibe666

i used to have an app that put a gui on the netsend command, and it also had a reboot command built into it. don't know if it would be any use to you though without the source.

can't even remember the name now, but at least you know it's possible.

tommycahir

tanx clearz for that ill have a bash at it at least i got something to start from..
i still wrecking my head bout the unix one though any ideas ???? any body???

soiaf

Heres a few lines of (brutally rough) PERL I put together to show you how to remotely execute a command on a UNIX system.

####
# start of code
#

#!/common/bin/perl

print "Content-type: text/html\n\n";
print "Should have created a file in /tmp called test.tst";

@mytouch = ("/bin/touch", "/tmp/test.tst");
system( @mytouch );

#
# end of code
###

So the above would create an empty file in the /tmp directory.
The file created would be owned by the nobody user (or whoever the owner of the web process is set to be).
And there is one major problem for you. Unless you run the web process as root (or some other equivalent high-power user account), any CGI will be called with the permissions of the owner of the web process.
But this would mean that all processes carried out by the web server will be done using this high-power account.
But of course the whole idea of a PERL script doing a remote reboot is pretty shocking anyway.
What might be (only slightly less troubling) a better idea is to keep the web server process running under a low level account as normal, and try to call a program using sudo (type sudo into google to find loads info about this command).
With sudo you <might> be able to set it up that the nobody account (or whatever account the web server runs under) can call the reboot command (or the shutdown command) without having to pass a password (the usual method when using sudo).

Hope this is of some help.

soiaf

Just had another idea about this.
Instead of trying to execute a command directly from the web process, you could try the following:

* Write a simple piece of PERL (CGI) that, when the user calls it, will create a file, and put some content in that file. You would then have a cron process running that would check every minute if the file existed, and contained the correct content. If it did exist it would remove the file (or change the content of the file, or create another file - whatever) and then reboot the server.

In this way the web process could run using its usual low privelege account, the cron job could be owned by a user with sufficient privileges to reboot.
Still loads of security type issues with the above, but a bit better.

Alternatively as you were talking about ssh, you might be able to use that with sudo to allow you to call a suitable reboot command with having to do an su.

Typedef

Why not just sudo a shell script?

scojones

But putting the user that the web server runs as, in /etc/sudoers is crazy! In fact this whole thread is crazy. Why would a college want you to do such a crazy thing. If it was executing some other command, like 'uname -a' i'd understand.. Well sort of, but wanting you to elevate privileges to reboot the machine.. That's just madness.

seamus

The NTRK contains a command similar to
"shutdown \\COMPUTER" which could do it for you.

I like flamey's idea. More secure obviously.

Arion

I haven't tried this, but if you applied the stickey bit to the shutdown command, you could then use a bash cgi script.

#!/bin/bash

#Actually who cares if we do this or not, once the script
#runs does it matter whether or not it outputs correct CGI headers, to return a webpage.
echo -e "Content-type: text/html\n\n"

/sbin/shutdown -r now

I'd just however like to reiterate, that this sounds insane.

Alternatively you could do the CGI in C, apply the stickey bit, call setuid(0), and setgid(0), and call it through exec*() -(which I haven't used in ages)

Arion

I don't think security is much of a concern here. Allowing apache to reboot a web browser, is about as insecure, as you could get.