Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

security violation

 [1/5] from: gchiu::compkarori::co::nz at: 21-Dec-2000 16:41


I'm running a script in my cgi bin directory. The header is: #!/path/to/rebol --cgi -s but when my script attempts a write a new txt file to the cgi-bin directory, I get: REBOL - Security Violation How can I write to my cgi-bin? -- Graham Chiu

 [2/5] from: kevin:sunshinecable at: 20-Dec-2000 21:21


On Thu, 21 Dec 2000, Graham Chiu wrote:
> I'm running a script in my cgi bin directory. The header > is:
<<quoted lines omitted: 3>>
> REBOL - Security Violation > How can I write to my cgi-bin?
Assuming it's a Unix webserver... The webserver typically runs as user 'nobody' (or some other virtual user ID) with minimal permissions. One of the things 'nobody' can do is read and execute programs in your cgi-bin... but cannot write there. Imagine if someone was able to arbitrarily write some code to the cgi-bin as 'nobody' and then have the webserver execute it. What you should do is create a data directory somewhere else in your home directory (preferably *above* the directory the webserver uses as root, so that your data can't be retrieved via the webserver by some unscrupulous user) and give that directory read/write permissions for user 'nobody'. You could also create a sub-directory under your cgi-bin for the data, but you'd want to make sure that files in that directory were *not* executable for the same reason as not putting the data directly in the cgi-bin. Best regards, Kev

 [3/5] from: jeff:rebol at: 20-Dec-2000 21:30


Howdy, Graham:
> I'm running a script in my cgi bin directory. The header > is: > > #!/path/to/rebol --cgi -s
Try: rebol -cs ? -jeff

 [4/5] from: gchiu:compkarori at: 21-Dec-2000 21:03


On Wed, 20 Dec 2000 21:30:41 -0800 [jeff--rebol--net] wrote:
> > I'm running a script in my cgi bin directory. The > header > > is: > > > > #!/path/to/rebol --cgi -s > > Try: rebol -cs
Thanks, that worked. -- Graham Chiu

 [5/5] from: gchiu:compkarori at: 21-Dec-2000 21:06


On Wed, 20 Dec 2000 21:21:59 -0800 (PST) Kevin McKinnon <[kevin--sunshinecable--com]> wrote:
> The webserver typically runs as user 'nobody' (or some > other virtual user > ID) with minimal permissions. One of the things 'nobody' > can do is read > and execute programs in your cgi-bin... but cannot write > there.
But my Perl scripts can write to my cgi-bin directory. Rebol -cs does the trick
> What you should do is create a data directory somewhere > else in your home
<<quoted lines omitted: 4>>
> user) and give that directory read/write permissions for > user 'nobody'.
That's a thought. I was wondering where I could put data that I didn't want in my cgi-bin directory. I'll give that a go. Thanks, -- Graham Chiu

Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted