RE: {bb} security improvement

To: <bb@bb4.com>
Subject: RE: {bb} security improvement
From: "Adam Goryachev" <adam@wesolveit.com.au>
Date: Tue, 1 Feb 2000 12:39:38 +1100
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="iso-8859-1"
Importance: Normal
In-Reply-To: <38959E5C.42F0FEA8@videotron.ca>
Reply-To: bb@bb4.com
Sender: owner-bb@bb4.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hmmm, well, how about ~/tmp then ?? Just trying to think of some answer to
avoid using /tmp ....  Or, perhaps a TMPDIR=""  # SET THIS TO A DIRECTORY
FOR TMP FILES, and then if it is not set to a valid directory, then set it
to /tmp.... ie, if someone ignores it, then it works, if someone sets it
properly, then it works better  :)

Regards,
Adam Goryachev

Adam Goryachev
We Solve IT Pty Ltd
Ph:  +61 2 9345 4395                        info@wesolveit.com.au
Fax: +61 2 9345 4396                        http://www.wesolveit.com.au


> -----Original Message-----
> From: owner-bb@bb4.com [mailto:owner-bb@bb4.com]On Behalf Of
> Robert-Andre Croteau
> Sent: Tuesday, February 01, 2000 1:38 AM
> To: bb@bb4.com
> Subject: Re: {bb} security improvement
>
>
> Adam Goryachev wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > in bb-histlog.sh I have made the following changes. although I am
> running a
> > rather hacked up copy of BB so this may not work for you but something
> > similar should perhaps be put into the next BB release....
> >
> > line 101:
> > change TMPFILE=/tmp/$FILENM
> > to TMPFILE=$BBHOME/tmp/$FILENM
> >
> > line 110:
> > change cd /tmp
> > to cd $BBHOME/tmp
> >
> > and that was it.... better to use a private tmp dir that one that some
> > other user might abuse in some way or another....
>
> bb-histlog.sh, bb-hist.sh & all run as the user specified by web server
> configuration.  This user needs write access to directories.  So
> either writing to $BBHOME/tmp (which would need require write
> permissions
> for world) or /tmp is required.
>
>
> --
> Robert-Andre Croteau	BSD,MOTU		robert@unix.sh
> Services Conseils Informatiques MOTU Inc. 	robert@motu.ca
> (514) 465-3057					rcroteau@videotron.ca
> http://www.motu.ca/                             http://www.bb4.com
> 	Si le bonheur ne s'achete pas alors louez le.
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
> To unsubscribe from this list, or to subscribe to the bb-digest list
> send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
> subscribe bb-digest in the BODY of the message.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>

iQA/AwUBOJWsugGNJgXrV/C3EQLFPACg0XyIgnNlC+Xu8hWAXC51bLhs438AnRUP
DB1jNElLWiRs5lFx0kk1WqFN
=5mZ5
-----END PGP SIGNATURE-----

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
To unsubscribe from this list, or to subscribe to the bb-digest list
send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
subscribe bb-digest in the BODY of the message.

References:
- Re: {bb} security improvement
  - From: Robert-Andre Croteau <sirac@videotron.ca>

Prev by Date: Re: {bb} BBOUT filles the filesystem
Prev by thread: Re: {bb} security improvement
Next by thread: {bb} bbnet return codes bug?
Index(es):
- Date
- Thread

Home | Main Index | Thread Index