The apprentice ponders a great while, and then begins...

During a ChatterBox conversation today, merlyn, Fastolfe, and others were very helpful in helping me solve a problem with a script from "out there" that I was trying to retrofit to be more secure. (No, it wasn't from the Unmentionable Name or Site)

The problem was caused by a template stored in a directory underneath the directory containing the CGI script. To illustrate:

    /
    |
    +-- httpd/
        |
        +-- cgi-bin/
            +
            +--- script1.pl
            +
            +--- locallib/
                 |
                 +--- package.pm

Please note that in the above "diagram," cgi-bin/ is outside of the document tree and has its permissions set to 644.

During the conversation, merlyn warned me that storing a library in a relative path was dangerous and that it was best to separate libraries from executables. I'm trying to figure out the best way to incorporate this advice.

In following up with the other monks via ChatterBox, the following seemed to be more acceptable:

    /
    |
    +-- httpd/
        |
        +-- cgi-bin/
        |   |
        |   +--- script1.pl
        |
        +-- locallib/
            |
            +--- package.pm

With this in mind, here are my questions:

  1. Is the above layout in fact an effective way to be more secure?

  2. Assuming that script1.pl, cgi-bin/ and locallib/ would have permissions of 644, why is this more secure? (Both locallib/ and cgi-bin/ are outside of the document tree.)

  3. Where do you put additional scripts that are used by script1.pl and that are called from other HTML forms? For example, I have a config.pl that I can call from a form in a private area using basic authentication. (config.pl sets variable values and script1.pl calls it.)

  4. Would it be better for me to retool things so that config.pl resides in locallib/ and create a script2.pl to call it, e.g. store the variable definitions in locallib/?

  5. Finally, is use './locallib' as risky as placing './locallib' in PATH when tainting is enabled?

    Assuming that it is, would someone be kind enough to expand on how someone could exploit that risk or point me to a link where I can find such an explanation?

I ask this because I commonly use relative directories for data, libraries local to the script in question, configuration files, and other dependencies, save CPAN modules (which are installed into the proper locations). I have found this a useful technique for portability between machines and servers.

Given the advice, I shouldn't be doing this, so I'm trying to find an alternative that is more secure while understanding the risks and the associated exploits. Thanks in advance for any advice and illumination.

(For the record, I've looked in the FAQs (Perl's and LS's Web Security), the man pages, and Super Search, but all I find are notes about the risk, not examples of how it could be exploited or used properly.)


In reply to Understanding Secure File Organization by footpad
