Re^5: CGI and GPG, how are you people doing it?

Yes, it is by definition unsafe. The viewer of the web site is a user of the web server so soon as you expose a CGI program through the web.

But what does that have to do with the file permissions?

The webserver runs the cgi under some account -- this account needs read/write access to files gpg needs

Comment on Re^5: CGI and GPG, how are you people doing it?

Replies are listed 'Best First'.
Re^6: CGI and GPG, how are you people doing it? by mr_mischief (Monsignor) on Apr 08, 2015 at 15:53 UTC
The proper fix for this is, as I've said elsewhere in the thread, to make the web server run the code as the owner of the files, or perhaps better to have read-only access via shared group membership. You really don't want world writeable files and directories. Even if the only user accounts on the server are for the server daemons, you don't want to expose the the daemons to each others' influence. Plan for defense in depth. If the only purpose for these files is for the web server and its CGI spawns to access them and you don't want to mess with changing who the CGI scripts run as, then just make a home directory for the web server user and put the GPG keys in that user's home directory. If they are used for absolutely as little as one other thing, then I wouldn't even want the private key readable by the web server. I'd set up a batching system running as the user that gets input from and sends output to the CGI application.	[reply]

Replies are listed 'Best First'.

Re^6: CGI and GPG, how are you people doing it?
by mr_mischief (Monsignor) on Apr 08, 2015 at 15:53 UTC

The proper fix for this is, as I've said elsewhere in the thread, to make the web server run the code as the owner of the files, or perhaps better to have read-only access via shared group membership. You really don't want world writeable files and directories. Even if the only user accounts on the server are for the server daemons, you don't want to expose the the daemons to each others' influence. Plan for defense in depth.

If the only purpose for these files is for the web server and its CGI spawns to access them and you don't want to mess with changing who the CGI scripts run as, then just make a home directory for the web server user and put the GPG keys in that user's home directory. If they are used for absolutely as little as one other thing, then I wouldn't even want the private key readable by the web server. I'd set up a batching system running as the user that gets input from and sends output to the CGI application.

[reply]