On Tue, 2008-08-19 at 15:53 +0100, Ezra Cooper wrote:

> Unless I misunderstand, that would be okay. By "application," do you
> mean process? Other software like, say, emacs or minesweeper shouldn't
> be running as the webserver user.
I assume that Karn meant other CGI programs run by the webserver that would be running as the webserver user, which would be able to read and write any file the web-server can read/write. [BTW this invalidates what I wrote in an earlier email about setting the file to be webserver-user read-only to avoid leaks of hardcoded information: another user could write a CGI script that just reads the source file using the webserver's permissions.]

> Links itself, running in another
> process, wouldn't self-interfere, as long as it followed the policy of
> hashing the complete pathname. Other software shouldn't really touch the
> same files, since the filenames would be "unguessable": they'd have
> (say) a prefix unique to Links, or even unique to the Links version.
> Also, each user (each real user, as opposed to Unix user) could point
> Links at their own caching directory, if they were worried about
> collisions.

I'm not sure your scheme would make it unguessable:

- anywhere that Alice sets as a cache directory could be discoverable to Mallory, because if the webserver can access the information on where it is, then so can any program Mallory writes
- any prefix that is generated by Links to make the file name unguessable could be discovered by experimentation fairly quickly, I think.

I think that your scheme would prevent accidental collisions, but to do proper security would require proper separation of users (by the OS, or by the webserver). OTOH there are probably more security problems with a group of mutually untrusting users all sharing a single UNIX user than overwriting each others' cache files.

Maybe another solution is to have the user do the caching by hand: a command-line Links compiler that outputs the cached versions, and have the user give that to the webserver rather than the source code? They would then just have to make sure the compiled version was not world/webserver-writable.
Bob

_______________________________________________
links-users mailing list
[email protected]
http://lists.inf.ed.ac.uk/mailman/listinfo/links-users

-- 
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
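Bob's closing suggestion (hand-compiled cache files that must not be world/webserver-writable) turned into a concrete check, as an added example that is not code from this thread or from the Links project: it refuses a cache file unless it is a regular file, owned by the real user who compiled it, not owned by the web-server user, and writable by nobody but its owner. The function names, the simulated web-server uid and the sample files are this example's own assumptions.

```python
import os
import stat
import tempfile

# Added example, not from the thread or the Links project: a check a deployer
# or web server could run before trusting a hand-compiled cache file, so that a
# file another CGI script (running as the web-server user) could rewrite is
# refused instead of served. Names and the simulated uid are assumptions.

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def cache_file_is_trusted(path, owner_uid, server_uid):
    """Return (ok, reason). The file must be a regular file (not a symlink),
    owned by the real user who compiled it, and writable only by that owner.
    A file owned by the web-server user is refused too, since any CGI
    running as that user could rewrite it."""
    try:
        st = os.lstat(path)  # lstat so a symlink is seen as a symlink
    except OSError as e:
        return False, "cannot stat: %s" % e
    if stat.S_ISLNK(st.st_mode):
        return False, "symlink"
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    if st.st_uid != owner_uid:
        return False, "owned by uid %d, expected %d" % (st.st_uid, owner_uid)
    if st.st_uid == server_uid:
        return False, "owned by the web-server user, so other CGI scripts can rewrite it"
    if st.st_mode & WRITABLE_BY_OTHERS:
        return False, "group/other writable (mode %o)" % stat.S_IMODE(st.st_mode)
    return True, "ok"


def demo():
    """Constructed scenario: two cache files owned by the current user, one
    with mode 0644 and one left world-writable (0666), plus a missing file.
    The web-server uid is simulated as a uid different from ours."""
    me = os.getuid()
    server = me + 1  # assumption: stands in for the web-server user's uid
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("safe.cache", 0o644), ("leaky.cache", 0o666)):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("compiled page\n")
            os.chmod(p, mode)
            results[name] = cache_file_is_trusted(p, me, server)[0]
        results["missing.cache"] = cache_file_is_trusted(os.path.join(d, "no.cache"), me, server)[0]
    return results
```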
