
Thread: sbox (cgi wrapper)

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    214

    sbox (cgi wrapper)

    Hello everyone,
    I just installed sbox, a CGI wrapper, and I'm having some trouble, and hopefully some of you have some experience with it. I couldn't find any other FAQs or other documentation on sbox except for the author's original, which I might add is a bit confusing. BTW, for the record, this is a Trustix Secure Linux distro, and Apache 1.3.27.

    I installed sbox ok. I turned off the chroot option for now, I just want to
    get the suid/sgid to work first -- and that's what I'm having trouble with.

    I'm using the username mikey and group users for a test. In the test
    script, I printed out hello world, and also text from another file (print
    `cat new.txt`) which has permissions of 640 (this is what I'm testing -- to
    make sure suid and sgid are working correctly).

    The file new.txt is owned by nobody (webserver) and group nobody (again,
    the apache webserver). Now the user mikey doesn't have read access to
    new.txt, but when I executed the script, he does, because it prints out the
    data from new.txt, but from the shell, he can't read it.

    In the sbox.log file, it is setting the correct suid/sgid (to username
    mikey and group users). Mikey isn't in the group nobody, so I don't know why
    he would have read access to it via sbox. I also created a new user and group, tommy and test, but with the same results. But if I changed the ownership to root and group root (and leave chmod 640), it can't read it for either tommy or mikey.

    I hope I explained that ok

    Thanks in advance,
    -Mike
    Either get busy living or get busy dying.

    -The Shawshank Redemption

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    214
    Nobody has a clue??

    Ok, I turned off sbox for now. Now these are just plain CGI scripts. I made the new.pl script suid to tommy and group test, and still it prints out data from new.txt! (But still tommy can't read new.txt from the shell nor from the perl script via shell (e.g. ./new.pl).)

    I don't know what is wrong...

    -Mike
    Either get busy living or get busy dying.

    -The Shawshank Redemption
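
One way to check what the thread describes, as an added example that is not part of the original posts or of sbox: a CGI script that reports the real and effective uid/gid and supplementary groups it actually runs with, and which permission class decides a read of new.txt. It assumes Python 3 is available; `read_class` and `report` are names chosen here, and the check follows the classic owner/group/other rule only, ignoring ACLs and capabilities.

```python
#!/usr/bin/env python3
"""Added diagnostic CGI: show process credentials and why a file is readable."""
import os
import stat
import sys


def read_class(st_uid, st_gid, mode, euid, egid, groups):
    """Return (class, allowed) for a read under the classic Unix rule.

    Only the first matching class is consulted: owner bits if euid owns the
    file, else group bits if egid or any supplementary group matches the
    file's group, else other bits. euid 0 bypasses the mode bits.
    """
    if euid == 0:
        return ("root", True)
    if euid == st_uid:
        return ("owner", bool(mode & stat.S_IRUSR))
    if st_gid == egid or st_gid in groups:
        return ("group", bool(mode & stat.S_IRGRP))
    return ("other", bool(mode & stat.S_IROTH))


def report(path):
    """Describe this process's credentials and the read decision for path."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    euid, egid, groups = os.geteuid(), os.getegid(), os.getgroups()
    cls, ok = read_class(st.st_uid, st.st_gid, mode, euid, egid, groups)
    return "\n".join([
        f"real uid/gid:         {os.getuid()}/{os.getgid()}",
        f"effective uid/gid:    {euid}/{egid}",
        f"supplementary groups: {sorted(groups)}",
        f"{path}: owner={st.st_uid} group={st.st_gid} mode={mode:o}",
        f"read decided by '{cls}' bits -> {'allowed' if ok else 'denied'}",
    ])


if __name__ == "__main__":
    # Run once through the web server and once from the shell, then compare.
    target = sys.argv[1] if len(sys.argv) > 1 else "new.txt"
    sys.stdout.write("Content-Type: text/plain\r\n\r\n" + report(target) + "\n")
```

If the web run shows the web server's uid as effective uid, or its gid among the supplementary groups, the read of a 640 file owned by nobody:nobody is explained by those credentials rather than by the target user's.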
