Help with basic CGI project?

Sadhunathan Nadesan sadhu at castandcrew.com
Fri Jun 20 12:25:41 EDT 2008


> Thanks for the useful info, that was great. The author of the bulk of
> the echo.mt script was Scott Raney, but the bit at the end that adds
> the shell call wasn't part of the original. Not sure where that came from.

..........

You are most welcome.

The add on lines came from yours truly,  :-)


I would like to add an additional post/question to this thread.  In the
example lines you refer to, a temporary file is written to /tmp.

Context:

On most if not all *nix systems, /tmp is set with world write permissions,
such as

     drwxrwxrwt   41 root   root   4046848 Jun 20 09:02 tmp

However, it is typically erased periodically, therefore, people feel
free to put various temporary files there knowing they don't have to
worry for the most part about cleanup.  In the example given, both the
"apache" user and anyone else can write to /tmp so it's a good place to
put a file that has to be accessed by both the CGI and other folks.


Problem:

On the other hand, sometimes CGI scripts are restricted from writing
outside of their docroot space.

Also, anything in /tmp is going to disappear eventually on most systems.

What if you want to create a file that is more permanent in nature,
that can be overwritten by a CGI, and that can be accessed by anyone?

Will this raise cries of security hole, red flag, dangerous no-no?

Solution?:

Is there a security guide to creating such a directory/full path to file
"place"  such that it's ok for a CGI to write there, to keep the files
around permanently, and for an arbitrary user (who has log in permission
or file share permission, such as via SAMBA), to have access?

There might be multiple cases here, such as a VMware or Zen environment,
and/or a regular Linux environment, and/or a virtual server environment
like Plesk or Virtualmin.


Mahalo and aloha!  
Sadhu
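
The `ls -l` line for /tmp quoted in the message above, decoded into its permission bits, as an added example that is not part of the original post. The function names and finding labels are hypothetical, and the setgid comment assumes Linux semantics.

```python
import os
import stat

def parse_ls_mode(text):
    """Turn an `ls -l` mode string such as 'drwxrwxrwt' into st_mode bits."""
    if len(text) != 10 or text[0] not in "d-":
        raise ValueError("expected 10 characters starting with 'd' or '-'")
    mode = stat.S_IFDIR if text[0] == "d" else stat.S_IFREG
    special = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)
    for i, ch in enumerate(text[1:]):
        bit = 0o400 >> i
        if ch == "rwx"[i % 3]:
            mode |= bit
        elif i % 3 == 2 and ch in ("sS", "sS", "tT")[i // 3]:
            mode |= special[i // 3]          # setuid / setgid / sticky
            if ch.islower():                 # lowercase: execute bit is set too
                mode |= bit
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return mode

def assess_dir_mode(mode):
    """Return findings for a directory that a CGI user and other users share."""
    if not stat.S_ISDIR(mode):
        return ["not-a-directory"]
    findings = []
    if mode & stat.S_IWOTH:
        # Sticky bit: only a file's owner, the directory owner or root may
        # delete or rename an entry. Without it, anyone can replace any file.
        findings.append("world-writable-sticky" if mode & stat.S_ISVTX
                        else "world-writable-no-sticky")
    if mode & stat.S_IWGRP and not mode & stat.S_IWOTH:
        # On Linux, setgid on a directory makes new files inherit its group.
        findings.append("group-shared-setgid" if mode & stat.S_ISGID
                        else "group-writable-no-setgid")
    if mode & stat.S_IROTH and mode & stat.S_IXOTH:
        findings.append("world-readable")
    return findings or ["owner-only"]

def audit_path(path):
    """Assess a real directory without following a symlink at `path`."""
    return assess_dir_mode(os.lstat(path).st_mode)

if __name__ == "__main__":
    print(assess_dir_mode(parse_ls_mode("drwxrwxrwt")))   # the /tmp listing above
    print(audit_path("/tmp"))
```
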