What I mean is: AFAIK there is no existing mechanism anywhere
for automatically installing dependencies. I’m contemplating
writing custom code to check whether dependent packages are
installed, and if not, invoke raa-install (or something else)
explicitly (remembering that raa-install itself may not be
there).
That sounds like it would be very useful. I wish you luck with it.
Yes… perhaps one might handle Apache as the most common case,
and prompt the user otherwise. (I, for one, don’t want to get into
the nightmare of how to detect a dozen different server installations.)
No, especially not at first. If you write things in such a way that someone
else can take your code and modify it for their favourite web server then
that’s great.
As for permissions, if the file is installed as executable in the CGI
directory, it should be up to the user and the CGI writer to ensure that
things are secure. I’m not sure I understand the issue here.
Well, part of this is just my sketchy knowledge of web development
in general.
When I install a CGI by hand, I typically stumble into a number of
minor problems and fix them one at a time. For example, when a CGI
is writing into a flat file, I find that the file is not writable
because of its owner and/or permissions. But I suppose if the user
is “nobody” and I just make it rwx for nobody, then the dir can
live under cgi-bin and it still won’t be insecure, correct?
I’m just recalling advice of the form “Don’t ever do XYZ” where I
don’t recall what XYZ was, but it was not intuitively obvious how
that made anything insecure. So I’m always paranoid about putting
flat files and such under cgi-bin, though that seems to me the
natural place to put them.
Generally a CGI that requires read/write access to the filesystem has some
security concerns. Most of the time the script will run as nobody on a
UNIX-like box, but ‘nobody’ has to have read access to /etc/passwd and other
files. Write access is even worse because that opens up the door to all
kinds of other nasties.
Any CGI which requires write access to the filesystem should be content with
writing to a file in /tmp, and should be ok with that file disappearing at
some point. As to writing to other directories, a program that’s executable
via the web should not have the ability to write to another web-accessible
location unless absolutely necessary. Doing so makes whatever it writes
accessible by anybody else in the world. Writing to the CGI directory is
especially bad because the web server assumes that things in that directory
are executables and so what’s written could be a nasty script.
This rule about not writing to anything but /tmp is sometimes broken by things
which allow file uploads to a media/images directory for example, but
normally there are all kinds of precautions taken in that case.
My opinion is that if you’ve had to manually tweak CGIs to get them to work
it’s because their author wasn’t careful in following good security
practices, and any installer you write shouldn’t try to work around that.
Ben
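The advice in the reply above on where a CGI may write, as an added Ruby example that is not part of the original message: it flags a data file that sits in the CGI directory with "rwx for everyone" permissions, and creates the replacement privately in a scratch directory. The helper names, `guestbook.dat` and the directory layout are constructed for illustration, with a temporary directory standing in for /tmp.

```ruby
require 'tmpdir'

# Hypothetical helper (not from the thread): list reasons a path is a bad
# place for a CGI to write. web_roots = directories the web server exposes.
def write_target_problems(path, web_roots)
  full = File.realdirpath(path)          # resolve symlinks; leaf may not exist yet
  problems = web_roots.map { |r| File.realdirpath(r) }
                      .select { |r| full == r || full.start_with?(r + File::SEPARATOR) }
                      .map { |r| "inside web-accessible tree #{r}" }
  if File.exist?(full)
    mode = File.stat(full).mode
    problems << "world-writable" if mode & 0o002 != 0
    problems << "executable file" if File.file?(full) && mode & 0o111 != 0
  end
  problems
end

# Create a scratch file outside the web tree, private to the CGI user,
# never reusing a name that already exists.
def create_scratch(dir, name, data)
  path = File.join(dir, name)
  # CREAT|EXCL raises Errno::EEXIST if the name exists (including as a symlink).
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(data) }
  path
end

# Constructed layout: a fake cgi-bin and a scratch directory standing in for /tmp.
def demo
  Dir.mktmpdir("cgi-demo") do |base|
    cgi_bin = File.join(base, "cgi-bin")
    scratch = File.join(base, "scratch")
    Dir.mkdir(cgi_bin); Dir.mkdir(scratch, 0o700)
    bad = File.join(cgi_bin, "guestbook.dat")
    File.write(bad, "x"); File.chmod(0o777, bad)   # the "rwx for nobody" shortcut
    good = create_scratch(scratch, "guestbook.dat", "x")
    reused = begin
      create_scratch(scratch, "guestbook.dat", "y"); false
    rescue Errno::EEXIST
      true
    end
    { bad: write_target_problems(bad, [cgi_bin]),
      good: write_target_problems(good, [cgi_bin]),
      good_mode: File.stat(good).mode & 0o777,
      second_create_refused: reused }
  end
end

p demo if __FILE__ == $0
```
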
On Mon July 28 2003 11:24 am, Hal E. Fulton wrote: