Mailing List Archive: 49091 messages

[REBOL] Re: security violation

From: kevin:sunshinecable at: 20-Dec-2000 21:21

On Thu, 21 Dec 2000, Graham Chiu wrote:
> I'm running a script in my cgi bin directory. The header
> is:
>
> #!/path/to/rebol --cgi -s
>
> but when my script attempts to write a new txt file to the
> cgi-bin directory, I get:
>
> REBOL - Security Violation
>
> How can I write to my cgi-bin?
Assuming it's a Unix webserver...

The webserver typically runs as user 'nobody' (or some other virtual user ID) with minimal permissions. One of the things 'nobody' can do is read and execute programs in your cgi-bin... but cannot write there. Imagine if someone was able to arbitrarily write some code to the cgi-bin as 'nobody' and then have the webserver execute it.

What you should do is create a data directory somewhere else in your home directory (preferably *above* the directory the webserver uses as root, so that your data can't be retrieved via the webserver by some unscrupulous user) and give that directory read/write permissions for user 'nobody'.

You could also create a sub-directory under your cgi-bin for the data, but you'd want to make sure that files in that directory were *not* executable for the same reason as not putting the data directly in the cgi-bin.

Best regards,
Kev
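The layout recommended in the reply above can be checked with a short script. This is an added example, not part of the original message: the function names are hypothetical and the three paths are supplied by the caller. It flags a world-writable cgi-bin, warns when the data directory sits under the web root, and fails if any data file is executable.

```shell
#!/bin/sh
# Added example: audit a CGI layout. Paths passed in are the caller's own.

# Physical path of a directory (symlinks resolved); fails if it does not exist.
realdir() { (CDPATH= cd -- "$1" 2>/dev/null && pwd -P); }

# True when DATA_DIR ($1) is not inside DOCROOT ($2), i.e. not fetchable by URL.
outside_docroot() {
    data=$(realdir "$1") || return 2
    root=$(realdir "$2") || return 2
    case "$data/" in
        "$root/"*) return 1 ;;
        *) return 0 ;;
    esac
}

# True when no regular file under DIR ($1) has any execute bit set.
no_exec_files() {
    [ -z "$(find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print | head -n 1)" ]
}

# True when DIR ($1) itself is world-writable.
world_writable() {
    [ -n "$(find "$1" -prune -perm -002 -print)" ]
}

# Usage: audit_layout CGI_BIN DOCROOT DATA_DIR
# Prints findings; the return status is the number of failures.
audit_layout() {
    cgi=$1 docroot=$2 datadir=$3 fails=0
    if world_writable "$cgi"; then
        echo "FAIL: $cgi is world-writable; the web server user could plant scripts"
        fails=$((fails + 1))
    fi
    if ! outside_docroot "$datadir" "$docroot"; then
        echo "WARN: $datadir is under the web root; its files may be retrievable"
    fi
    if ! no_exec_files "$datadir"; then
        echo "FAIL: executable files found in $datadir"
        fails=$((fails + 1))
    fi
    return "$fails"
}
```

Run it as `audit_layout /path/to/cgi-bin /path/to/webroot /path/to/data` after sourcing the file; a status of 0 means no failures were found.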