解决apache+python无法执行一些root命令的问题
用root启动python服务器端,远程可以执行任何root命令
#/usr/bin/python
#Filename:agent.py#example:
#curl hostname:PORT_NUMBER/?PASSWORD?COMMAND?OPTION #import time
import BaseHTTPServer import urlparse import osPASSWORD = 'hello1234'
HOST_NAME = 'sqa.broom.cm4' # !!!REMEMBER TO CHANGE THIS!!!
PORT_NUMBER = 8082 # Maybe set this to 9000.def testcommand(c):
commandzoo = ('ls','fdisk') if c not in commandzoo: return 1 return 0class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
def do_HEAD(s): s.send_response(200) s.send_header("Content-type", "text/html") s.end_headers() def do_GET(s): """Respond to a GET request.""" s.send_response(200) s.send_header("Content-type", "text/html") s.end_headers() #s.wfile.write("<html><head><title>ngis agent</title></head>") print s.path string = s.path string = string.split('?') passwd = string[1] command = string[2] option = string[3] if passwd == PASSWORD: if testcommand(command) == 1: s.wfile.write("command not found") else: x = "" #x = "/bin/" x = command x += " " x += option print x output = os.system(x) print "result",output s.wfile.write(output) else: s.wfile.write("password error") #s.wfile.write("<p>You accessed path: %s</p>" % s.path) #s.wfile.write("</body></html>")if __name__ == '__main__':
server_class = BaseHTTPServer.HTTPServer httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler) print time.asctime(), "Server Starts - %s:%s" % (HOST_NAME, PORT_NUMBER) try: httpd.serve_forever() except KeyboardInterrupt: pass httpd.server_close() print time.asctime(), "Server Stops - %s:%s" % (HOST_NAME, PORT_NUMBER)