BB Unix Network Monitor - Message
Re: {bb} security improvement
- To: bb@bb4.com
- Subject: Re: {bb} security improvement
- From: Kyle Amon <kyle.amon@sagemaker.com>
- Date: Tue, 01 Feb 2000 07:41:21 -0500
- Content-Transfer-Encoding: 7bit
- Content-Type: text/plain; charset=us-ascii
- Organization: Sagemaker
- References: <NDBBJPAGKLCMDEIEKOPBEECICBAA.adam@wesolveit.com.au>
- Reply-To: bb@bb4.com
- Sender: owner-bb@bb4.com
$BBHOME/tmp would certainly not require write permission for the world.
As mentioned, everything runs as the user [and group] specified in the
webserver configuration. Thus $BBHOME/tmp would only require write
for either this user or group. In order to run nothing related to BB
as root, I 'chown -R nobody.nogroup $BBHOME', which is what the
webserver runs as. Boom. Problem solved. So, I think his suggestion is
a good idea... and certainly not a problem.
- Kyle
Adam Goryachev wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hmmm, well, how about ~/tmp then ?? Just trying to think of some answer to
> avoid using /tmp .... Or, perhaps a TMPDIR="" # SET THIS TO A DIRECTORY
> FOR TMP FILES, and then if it is not set to a valid directory, then set it
> to /tmp.... ie, if someone ignores it, then it works, if someone sets it
> properly, then it works better :)
>
> Regards,
> Adam Goryachev
>
> Adam Goryachev
> We Solve IT Pty Ltd
> Ph: +61 2 9345 4395 info@wesolveit.com.au
> Fax: +61 2 9345 4396 http://www.wesolveit.com.au
>
> > -----Original Message-----
> > From: owner-bb@bb4.com [mailto:owner-bb@bb4.com]On Behalf Of
> > Robert-Andre Croteau
> > Sent: Tuesday, February 01, 2000 1:38 AM
> > To: bb@bb4.com
> > Subject: Re: {bb} security improvement
> >
> >
> > Adam Goryachev wrote:
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > in bb-histlog.sh I have made the following changes. although I am
> > > running a rather hacked up copy of BB so this may not work for you
> > > but something similar should perhaps be put into the next BB
> > > release....
> > >
> > > line 101:
> > > change TMPFILE=/tmp/$FILENM
> > > to TMPFILE=$BBHOME/tmp/$FILENM
> > >
> > > line 110:
> > > change cd /tmp
> > > to cd $BBHOME/tmp
> > >
> > > and that was it.... better to use a private tmp dir than one that some
> > > other user might abuse in some way or another....
> >
> > bb-histlog.sh, bb-hist.sh & all run as the user specified by web server
> > configuration. This user needs write access to directories. So
> > either writing to $BBHOME/tmp (which would require write permissions
> > for world) or /tmp is required.
> >
> >
> > --
> > Robert-Andre Croteau BSD,MOTU robert@unix.sh
> > Services Conseils Informatiques MOTU Inc. robert@motu.ca
> > (514) 465-3057 rcroteau@videotron.ca
> > http://www.motu.ca/ http://www.bb4.com
> > Si le bonheur ne s'achete pas alors louez le.
> > --
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
> > To unsubscribe from this list, or to subscribe to the bb-digest list
> > send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
> > subscribe bb-digest in the BODY of the message.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.1 Int. for non-commercial use
> <http://www.pgpinternational.com>
>
> iQA/AwUBOJWsugGNJgXrV/C3EQLFPACg0XyIgnNlC+Xu8hWAXC51bLhs438AnRUP
> DB1jNElLWiRs5lFx0kk1WqFN
> =5mZ5
> -----END PGP SIGNATURE-----
>
--
Kyle Amon email: kyle.amon@sagemaker.com
url: http://www.gnutec.com/~amonk
KeyID 1024/26DD13D9
Fingerprint = 7D 86 D1 AE 4B E9 91 6A 4B BC B5 B4 12 F0 D3 1A
"Consider a space station where air must be manufactured at great cost:
charging each breather per liter of air may be fair, but wearing the
metered gas mask all day and all night is intolerable even if everyone
can afford to pay the air bill."
- Richard Stallman
The GNU Manifesto, 1985
Petition to Microsoft Corporation for Open Source Consumer Windows!
http://www.linuxresources.com/linuxreview/petition.html
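
Added example (not part of the original thread or of the BB distribution): one way a script such as bb-histlog.sh could combine the two suggestions above, using the configured private directory only when it is owned by the running user and not world-writable. The function names are hypothetical, and the mktemp fallback goes beyond the thread's plain /tmp fallback.

```sh
#!/bin/sh
# Added example, not BB code. Function names are hypothetical.

# is_safe_tmpdir DIR: succeed only if DIR is usable as a private temp dir.
is_safe_tmpdir() {
    dir=$1
    [ -n "$dir" ] || return 1
    [ ! -L "$dir" ] || return 1     # a symlink could point anywhere
    [ -d "$dir" ] || return 1       # must exist and be a directory
    [ -w "$dir" ] || return 1       # we must be able to write to it
    # Owner must be the user this script runs as (the web server user in
    # the setup described in the thread).
    owner=$(ls -ldn "$dir" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ] || return 1
    # Character 9 of the mode string is the "other" write bit; a
    # world-writable directory has the same exposure as /tmp.
    case $(ls -ld "$dir" | cut -c1-10) in
        ????????w?) return 1 ;;
    esac
    return 0
}

# pick_tmpdir CANDIDATE: print the directory a script should use.
pick_tmpdir() {
    if is_safe_tmpdir "$1"; then
        printf '%s\n' "$1"
    else
        # Assumption beyond the thread: rather than falling back to the
        # shared /tmp itself, create a fresh mode-0700 directory inside it.
        mktemp -d "${TMPDIR:-/tmp}/bb.XXXXXX"
    fi
}

# Usage inside a script such as bb-histlog.sh (FILENM as in the thread):
#   BBTMP=$(pick_tmpdir "$BBHOME/tmp") || exit 1
#   TMPFILE=$BBTMP/$FILENM
#   cd "$BBTMP" || exit 1
```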