in reply to Re: Re: Perl/CGI Security Question
in thread Perl/CGI Security Question

sorry,

I have a weird superstition about using 666 permissions (call me silly, please). No, I'm not a Christian, just think it's too much of a coincidence that 666 == pure evil in terms of file permissions :) and the extra 1 doesn't really matter that much... (or does it? thoughts...)

But yes, you are right. Immaterial really, coz you should be running stuff at 700/600/400 with cgiwrap anyway (or equivalent :)

later

cLive ;-)

> Realistically, you could probably get away with mode 644 if you chowned the file to the user the webserver runs as.

644/666 - does it really make a difference if the script's not wrapped? Either way the file's open to abuse by other users on the server...

Re (tilly) 4: Perl/CGI Security Question
by tilly (Archbishop) on Mar 30, 2001 at 22:14 UTC
    In a real work environment you are likely to need to share files with others. In that case you should allow write access by the group and choose a group that includes other people who deserve access. See your site policy for more detailed guidance on this.

    As for 666, I have always suspected that the permission scheme was deliberately chosen to make rw access to the world work out to be 666 specifically to make people think twice about doing so. If it wasn't intended then it was a darned convenient choice...

      In our specific situation, all groups have one user and cgiwrap is on, so 600/660 are basically equivalent. Sharing is something we avoid at all costs!
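
The 644-versus-666 question raised in this thread, as an added example that is not part of the original posts: a POSIX shell audit that labels each data file by who else can modify it. It assumes an unwrapped server where every CGI script runs as one web server account (passed as the second argument); the function names `has`, `exposure`, `audit_dir` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). "Unwrapped" = every CGI script on the
# host runs as the one web server account; the WEBUSER argument is that account.

# has FILE MODE [find tests...] -> true if FILE matches -perm -MODE (and extras)
has() {
    f=$1; mode=$2; shift 2
    [ -n "$(find "$f" -prune -perm "-$mode" "$@" 2>/dev/null)" ]
}

# exposure FILE WEBUSER -> who, besides the intended script, can modify FILE
exposure() {
    if   has "$1" 0002;            then echo "world-writable"
    elif has "$1" 0200 -user "$2"; then echo "webserver-writable"
    elif has "$1" 0020;            then echo "group-writable"
    else                                echo "no-write-by-others"
    fi
}

# audit_dir DIR WEBUSER -> one "label<TAB>path" line per regular file
audit_dir() {
    find "$1" -type f | sort | while IFS= read -r p; do
        printf '%s\t%s\n' "$(exposure "$p" "$2")" "$p"
    done
}

# Constructed sample: the modes discussed in the thread, on scratch files
# owned by whoever runs this; that account plays the web server user.
demo() {
    d=$(mktemp -d) || return 1
    for m in 666 644 660 600 400; do
        : > "$d/data.$m" && chmod "$m" "$d/data.$m"
    done
    owner=$(ls -ld "$d" | awk '{print $3}')
    audit_dir "$d" "$owner"
    rm -rf "$d"
}
demo
```

A file owned by the web server account is labelled `webserver-writable` at 644, 660 and 600 alike, because on an unwrapped host every other user's script runs as that same account; only the world-write bit distinguishes 666.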