解决apache+python无法执行一些root命令的问题
用root启动python服务器端,远程可以执行任何root命令
#/usr/bin/python #Filename:agent.py #siyu@2012-6-29
#example: #curl hostname:PORT_NUMBER/?PASSWORD?COMMAND?OPTION #
import time import BaseHTTPServer import urlparse import os
PASSWORD = 'hello1234'
HOST_NAME = 'sqa.broom.cm4' # !!!REMEMBER TO CHANGE THIS!!! PORT_NUMBER = 8082 # Maybe set this to 9000.
def testcommand(c): commandzoo = ('ls','fdisk') if c not in commandzoo: return 1 return 0
class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler): def do_HEAD(s): s.send_response(200) s.send_header("Content-type", "text/html") s.end_headers() def do_GET(s): """Respond to a GET request.""" s.send_response(200) s.send_header("Content-type", "text/html") s.end_headers() #s.wfile.write("<html><head><title>ngis agent</title></head>") print s.path string = s.path string = string.split('?') passwd = string[1] command = string[2] option = string[3] if passwd == PASSWORD: if testcommand(command) == 1: s.wfile.write("command not found") else: x = "" #x = "/bin/" x = command x += " " x += option print x output = os.system(x) print "result",output s.wfile.write(output) else: s.wfile.write("password error") #s.wfile.write("<p>You accessed path: %s</p>" % s.path) #s.wfile.write("</body></html>")
if __name__ == '__main__': server_class = BaseHTTPServer.HTTPServer httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler) print time.asctime(), "Server Starts - %s:%s" % (HOST_NAME, PORT_NUMBER) try: httpd.serve_forever() except KeyboardInterrupt: pass httpd.server_close() print time.asctime(), "Server Stops - %s:%s" % (HOST_NAME, PORT_NUMBER)