Re: More CGI Comments

James (
Sat, 8 Jan 1994 14:55:26 -0800 (PST)

On Sat, 8 Jan 1994, Roy T. Fielding wrote:

> > 1) If you let users export information via their UserDir
> > (i.e., ~/public_html by default), how can you gracefully allow them to
> > create anything that requires a shell execution without giving everyone
> > write access to the cgi-bin directory or creating cgi aliases for all
> > users in srm.conf?
> >...

What we've done here at Willamette is to create a pair of local groups,
one called "webmgr" and one called "webdev". "webmgr" is for the few
people trusted to work on the main trunk of our web (althought I'm pretty
much the only one who uses it :) ), but "webdev" is for a group of
students who want to collaboratively work on WWW projects. "webdev" has
been given an additional directory for developing their own scripts.
Granted, this is a "human" solution rather then a technical solution, as
it still relies on giving access to those who are trusted -- it doesn't
address giving every user access to this capability.

> Just prior to reading this I was looking at a local notice about login
> security. Thus, my first thought was what would happen if some user
> created a script which deletes (recursively) all of the files in the
> invokers home directory. Since the script would be executed under the
> server's user ID (I think), would the script then delete all of the
> server's subdirectories?

On the NCSA httpd, at least, I beleive that if root is running the
server, there's an option for the server to change it's UID. Ours
changes to "nobody", which means that the server really can't do much
except read world-readable files.

However, this approach may not make sense for future development.
Specifically, what about the eventual use of PUT and POST protocols for
things like dynamic document generation? It might be nice, for instance,
to be able to edit a document that I've grabbed over the web, and use PUT
to create a new revision for the changes I've made (shades of Xanadu!).
Granted, this isn't immediately looming, but it wouldn't be implementable
if the server can change the documents it has control over...


/ (James) Eric Tilton, Student AND Student Liaison, WITS \
\ Class of '95 - CS/Hist -- Internet - /
<a href="">ObHyPlan!</a>, chock fulla
<a href="">Fun Stuff!</a>