{bb} security improvement

To: <bb@bb4.com>
Subject: {bb} security improvement
From: "Adam Goryachev" <adam@wesolveit.com.au>
Date: Mon, 31 Jan 2000 22:35:43 +1100
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="iso-8859-1"
Importance: Normal
Reply-To: bb@bb4.com
Sender: owner-bb@bb4.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

in bb-histlog.sh I have made the following changes. although I am running a
rather hacked up copy of BB so this may not work for you but something
similar should perhaps be put into the next BB release....

line 101:
change TMPFILE=/tmp/$FILENM
to TMPFILE=$BBHOME/tmp/$FILENM

line 110:
change cd /tmp
to cd $BBHOME/tmp

and that was it.... better to use a private tmp dir that one that some
other user might abuse in some way or another....

The same change could be made in the standard bb-hist.sh in two places,
although I am using the perl version so I haven't tried to break this
yet.....

The same goes for the rest of the cgi scripts.....

Regards,
Adam

Adam Goryachev
We Solve IT Pty Ltd
Ph:  +61 2 9345 4395                        info@wesolveit.com.au
Fax: +61 2 9345 4396                        http://www.wesolveit.com.au

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>

iQA/AwUBOJTm7wGNJgXrV/C3EQIdkACg445BA6+SeD0pDNNEdj7lfSM6Dw8An25U
b0eEF0JJjnYPpIRHzl9r+v/z
=A3Hh
-----END PGP SIGNATURE-----

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
To unsubscribe from this list, or to subscribe to the bb-digest list
send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
subscribe bb-digest in the BODY of the message.

Follow-Ups:
- Re: {bb} security improvement
  - From: Robert-Andre Croteau <sirac@videotron.ca>

Prev by Date: {bb} bbnet return codes bug?
Next by Date: {bb} BBOUT filles the filesystem
Prev by thread: RE: {bb} BBOUT filles the filesystem
Next by thread: Re: {bb} security improvement
Index(es):
- Date
- Thread

Home | Main Index | Thread Index