[REBOL] Re: security violation
From: kevin:sunshinecable at: 20-Dec-2000 21:21
On Thu, 21 Dec 2000, Graham Chiu wrote:
> I'm running a script in my cgi bin directory. The header
> is:
>
> #!/path/to/rebol --cgi -s
>
> but when my script attempts to write a new txt file to the
> cgi-bin directory, I get:
>
> REBOL - Security Violation
>
> How can I write to my cgi-bin?

Assuming it's a Unix webserver...

The webserver typically runs as user 'nobody' (or some other virtual user
ID) with minimal permissions. One of the things 'nobody' can do is read
and execute programs in your cgi-bin... but cannot write there.

Imagine if someone was able to arbitrarily write some code to the cgi-bin
as 'nobody' and then have the webserver execute it.

What you should do is create a data directory somewhere else in your home
directory (preferably *above* the directory the webserver uses as root, so
that your data can't be retrieved via the webserver by some unscrupulous
user) and give that directory read/write permissions for user 'nobody'.

You could also create a sub-directory under your cgi-bin for the data, but
you'd want to make sure that files in that directory were *not*
executable for the same reason as not putting the data directly in the
cgi-bin.

Best regards,
Kev
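
The layout described in the message above can be checked with a short shell audit. This is an added example, not part of the original message; the function names and the three-path calling convention (data directory, web root, cgi-bin) are assumptions made here.

```shell
#!/bin/sh
# Added example: audit a CGI data directory (names and layout are assumptions).

# Resolve a directory to its physical path, following symlinks.
resolve_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# Succeed if directory $1 is the same as, or inside, directory $2.
is_inside() {
    case "$1/" in
        "$2"/*) return 0 ;;
        *)      return 1 ;;
    esac
}

# audit_data_dir DATADIR DOCROOT CGIBIN
# Prints one line per finding; the return status is the number of findings.
audit_data_dir() {
    data=$(resolve_dir "$1")    || { echo "no such directory: $1"; return 1; }
    docroot=$(resolve_dir "$2") || { echo "no such directory: $2"; return 1; }
    cgibin=$(resolve_dir "$3")  || { echo "no such directory: $3"; return 1; }
    findings=0

    # Data written straight into cgi-bin could later be executed by the server.
    if [ "$data" = "$cgibin" ]; then
        echo "data directory is the cgi-bin itself"
        findings=$((findings + 1))
    fi
    # Data under the web root can be fetched by anyone who guesses the URL.
    if is_inside "$data" "$docroot"; then
        echo "data directory is under the web root: $docroot"
        findings=$((findings + 1))
    fi
    # No regular file in the data directory should carry an execute bit.
    execs=$(find "$data" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print)
    if [ -n "$execs" ]; then
        echo "executable files in data directory:"
        echo "$execs"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit when called with the three paths.
if [ "$#" -eq 3 ]; then
    audit_data_dir "$@"
fi
```

Whether 'nobody' can actually write to the data directory has to be tested as that user; this check only covers placement and execute bits.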