On Monday, Sep 8, 2003, at 22:57 US/Pacific, Greenhalgh David wrote: [..]
I refer you to the answer I received from Drieux to (almost) exactly the same question.

---Drieux's code---
#!/usr/bin/perl -w
use strict;
use Fcntl qw/O_CREAT O_RDWR O_EXCL O_RDONLY/;

my $path = 'textfile.txt';
# O_EXCL: fail if the file already exists rather than reuse it
sysopen(HANDLE, $path, O_RDWR|O_CREAT|O_EXCL)
    or die "cannot create $path: $!";
close(HANDLE) or die "cannot close $path: $!";

#       my $cnt = chmod 0764, 'textfile.txt';
# chmod returns the number of files successfully changed (1 here, 0 on failure)
my $cnt = chmod 0644, 'textfile.txt';
print "got $cnt\n";

never set the execute bit unless it needs to be executable;
"just because I was having a bad hair day" is no excuse.
{ note the O_EXCL is also boat anchor code in there... }
the only person who needs 'write' permission is the person
who is going to 'write the file'. Unless the CGI is running
in some suexec to the 'user logged in' that 'person' will
most likely be the UID of the web-server.

It should also be noted that while 'what is executable'
by the web server can be 'controlled' from its config file,
it is best to be safe and NOT allow the execute bit to be
set. It is not a guarantee that someone will not wind up
doing something wanky - but it will require that they
show some talent.
---------

What I think is happening (and I'm sure I'll be corrected if I'm wrong!)
[..]

Basically a way to solve the problem.

Since the OP has the opening gambit of making
the user login, that limits who can gain access
on the 'write side' of the process. Setting the
permission 0xx4 means that anyone can READ the
document so written. Which normally also means
the person who wrote it....

As for actually controlling access to a file that
is up on the web-server, there are a variety of
strategies - writing the file into a place that
has a .htaccess file with a clear list of who
IS authorized to read it.

Otherwise one can write the actual file to some
space that is NOT under the web-server control
by 'default', and then write a piece of CGI code
that will 'read' from there. eg: if the web server
is going to root its documents in say

/srv/web/htdocs/....

then if one sets up a spare file system tree

/srv/web/special_docs/....

then an effort to access the document as say

http://host/special_docs/test.txt

will blow a 500 series error...

But when the user calls out say

http://host/cgi_bin/news_reader.cgi

it will present them with a list of known news stories
using the /srv/web/special_docs/... tree as its input
for what files are currently available.

HTH.



ciao
drieux
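The two halves of the advice in this thread, the exclusive create with a 0644 mode and the news_reader.cgi that serves files from a tree the web server does not export, as one added example. This is not Drieux's or the original poster's code; the directory /srv/web/special_docs is the assumed private tree from the reply above, the filename allow-list and the sub names (write_story, story_path, list_stories, read_story) are this example's own, and the query-string handling is kept deliberately minimal.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Assumes $STORY_DIR is outside
# the web server's document root, so nothing in it is reachable as a URL.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $STORY_DIR = '/srv/web/special_docs';   # assumed private tree, NOT under htdocs

# Accept only names of the form [A-Za-z0-9_-]{1,64}.txt. This single check
# rejects "../../etc/passwd", hidden files, and anything containing a
# slash or NUL; the capture also untaints the value under -T.
sub story_path {
    my ($name) = @_;
    return undef unless defined $name
        && $name =~ /\A([A-Za-z0-9_-]{1,64}\.txt)\z/;
    return "$STORY_DIR/$1";
}

# Create $name inside $STORY_DIR and fill it with $text.
# O_EXCL makes the open fail if the file already exists, so a second writer
# (or a pre-planted symlink) cannot make us clobber something. The fourth
# argument is the creation mode: 0644 = owner writes, everyone reads,
# nobody executes. The process umask can only tighten it, never loosen it.
sub write_story {
    my ($name, $text) = @_;
    my $path = story_path($name) or return 0;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0644)
        or do { warn "cannot create $path: $!"; return 0 };
    print {$fh} $text;
    close($fh) or do { warn "close $path: $!"; return 0 };
    return 1;
}

# Names of the stories currently available, taken from the directory
# itself rather than from anything the client sent.
sub list_stories {
    opendir(my $dh, $STORY_DIR)
        or do { warn "opendir $STORY_DIR: $!"; return };
    my @names = sort grep { /\A[A-Za-z0-9_-]+\.txt\z/ && -f "$STORY_DIR/$_" }
                     readdir($dh);
    closedir($dh);
    return @names;
}

# Contents of one story, or undef if the name fails the allow-list or
# the file cannot be opened. The client never supplies a path, only a name.
sub read_story {
    my ($name) = @_;
    my $path = story_path($name) or return undef;
    open(my $fh, '<', $path) or return undef;
    local $/;
    my $text = <$fh>;
    close($fh);
    return $text;
}

# Minimal CGI front end: no 'story' parameter lists what is available,
# 'story=<name>' prints that story as text/plain. The query string is not
# URL-decoded on purpose: a '%' never passes story_path, so an encoded
# dot or slash is simply rejected.
if ($ENV{GATEWAY_INTERFACE}) {
    my ($story) = ($ENV{QUERY_STRING} || '') =~ /(?:^|&)story=([^&]*)/;
    print "Content-Type: text/plain\r\n\r\n";
    if (defined $story) {
        my $text = read_story($story);
        print defined $text ? $text : "no such story\n";
    } else {
        print "$_\n" for list_stories();
    }
}
```

The write side (write_story) is what the login-protected part of the application would call; it never takes a path from the browser either, only a name that has passed story_path. The read side lists the directory itself, so a request for http://host/special_docs/test.txt still fails at the web server, and http://host/cgi_bin/news_reader.cgi?story=test.txt only ever resolves to a file inside $STORY_DIR.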
