[evolvis-commits] r7331: Added installation of fileforge.pl. Note: mode is 4755 (755 + setuid).
mirabilos at evolvis.org
Thu Feb 24 15:38:48 CET 2011
- Previous message: [evolvis-commits] r7330: Adding this script to the repository. Concept is simple: using system permissions on directories is not enough, since it gives write access on plenty of directories to the www-data user. Using a root setuid script works, but then we have to make sure only authorised invocations can happen. Again, the permissions system is not enough. Only pages in the Sourceforge website should be allowed to run it. The trick: we check on the existence and validity of information only available to the appropriate PHP scripts. Namely, the database password. It's stored in a root:root 600 file, it's only exported to a select subset of the web pages via a SetEnv directive, so it should be secure. Of course, I could be wrong. In that case, please correct me. This is a Perl script using all kinds of taintedness checks as per 'perldoc perlsec'.
- Next message: [evolvis-commits] r7332: * Added fileforge.pl, a setuid Perl script to move files around securely (without needing to grant www-data read/write permission on $user/incoming/ directories). Not using it yet, needs more testing.
Author: mirabilos
Date: 2011-02-24 15:38:47 +0100 (Thu, 24 Feb 2011)
New Revision: 7331
Modified:
trunk/gforge_base/evolvisforge-5.1/gforge/debian/rules
Log:
Added installation of fileforge.pl. Note: mode is 4755 (755 +
setuid).
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/debian/rules
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/debian/rules 2011-02-24 14:38:46 UTC (rev 7330)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/debian/rules 2011-02-24 14:38:47 UTC (rev 7331)
@@ -93,6 +93,7 @@
install -m 755 deb-specific/install-exim.sh $(CURDIR)/debian/sourceforge/usr/lib/sourceforge/bin/
install -m 755 deb-specific/db-upgrade.pl $(CURDIR)/debian/sourceforge/usr/lib/sourceforge/bin/
install -m 755 deb-specific/fill-in-the-blanks.pl $(CURDIR)/debian/sourceforge/usr/lib/sourceforge/bin/
+ install -m 4755 deb-specific/fileforge.pl $(CURDIR)/debian/sourceforge/usr/lib/sourceforge/bin/
# install -m 755 deb-specific/sf-add-skill $(CURDIR)/debian/sourceforge/usr/bin/
# install -m 755 deb-specific/sf-register-theme $(CURDIR)/debian/sourceforge/usr/bin/
install -m 755 deb-specific/sf-add-skill $(CURDIR)/debian/sourceforge/usr/lib/sourceforge/bin/
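Review bot: the added `install -m 4755` line for fileforge.pl leaves the setuid file executable by every local user (the trailing 5) and names no owner or group, and nothing in the rules file records why this one entry differs from the 755 entries around it. Without `-o`/`-g` on the line, whose privileges the setuid bit grants is decided by the build environment rather than by this file, so state the owner explicitly. Since the log for r7330 says only pages of the web site should be able to run the script, consider a mode such as 4750 with the web server's group, so that the file permissions back up the script's own caller check instead of relying on it alone. A one-line comment above the entry saying the setuid bit is intentional would help, and it is worth testing on the target system that the setuid bit on a .pl file has the intended effect.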