skazat has asked for the wisdom of the Perl Monks concerning the following question:

Fellow monks,

A somewhat foolish problem I've gotten myself into.

I have a complex CGI script that likes to create DB_Files when it needs to save information, say, if a new user comes along and we need to log him. Actually, for the sake of clarity, this is a light-weight mailing list manager that I work on and people really love. For each list it manages, it creates (among other things) a DB_File that holds preferences and a text file that holds all the subscribers.

These files are created by the cgi script, usually in a directory that is chmod'd to 777.

This is all well and good and works sparkling, until I try to interact and use these files when running another script interactively, or when the script is owned by me, and not nobody as the files are, since they're created by the cgi script.

For example, you can create a mailing list via the web browser, the mailing list files will be created, with the owner of 'nobody'. Now, if I have an aliased email address that pipes to a script that wants to open up the subscriber list to send out to everyone, it won't work, since this script is owned by me.

Is there a way that I can do this? Here's my scenario: I won't be given root access, so I can't chown() anything. I guess I could have the mailing list files chmoded to 777 on creation, but that seems a bit bad (security wise), but how much worse is that than having the directory at 777 as well?

I didn't run into this problem while developing, since my host runs SuEXEC, so my scripts are run by me, all the time. Is there a way to run SuEXEC on a per account basis that the owner of this account can change (something in a .htaccess file, perhaps)? Is there a way, say in procmail, to tell procmail to pipe to a script and then run the script from another user (nobody)?

These are some things I'm thinking of, but haven't made a solid conclusion on how to fix this little problem.

Any wisdom and help would be much appreciated.

 

-justin simoni
!skazat!

Re: CGI Script Created Files Playing Nicely
by suaveant (Parson) on Apr 26, 2001 at 23:32 UTC
    Your best option is to use a real database like MySQL... but I realize this is not always an option... the problem is that your file is not world writable, you are correct in that, and that it is not often good to make files such as these world writable... the directory is bad enough... the best option is to just get everything to run under the same user... this may mean you need to use suid... which can also be a problem.

    I keep thinking more and more of writing a C wrapper for taking care of these situations... somewhat... wish I had more time.
                    - Ant

      --
      I have my 2c to put in too...
      If the folder has perms of 777 AND is executable by Apache
      (or whatever webserver for that matter)
      such as a text file in a cgi-bin for example
      you can have a major problem crop up. If executable folder
      has world-writeable files or the folder itself is
      world-writeable you can have yourself a major security
      violation.

      I had a similar mailing list situation and have since
      migrated to MySQL (less headache than PostgreSQL), but
      we have that luxury 'cuz my web server is less than
      50 feet away :-)

      --
      felonious

        I have my 2c to put in too... If the folder has perms of 777 AND is executable by Apache (or whatever webserver for that matter) such as a text file in a cgi-bin for example you can have a major problem crop up. If executable folder has world-writeable files or the folder itself is world-writeable you can have yourself a major security violation.

        no no no no non nononononnoononnononono

        naw. the files are not in the cgi dir, they're just in a directory other than under the public_html directory, I see your point though, that would be clearly shooting yourself in the foot. I generally don't like the idea of having the dir at 777. the server i use runs SuEXEC, so the dir is set to something like 755, and my files are created with 0660, so i have less worries :)

        An SQL-based solution would be nice, but that would hurt portability quite a bit for this project and add complexity I don't, well, want :)

         

        -justin simoni
        !skazat!

      which can also be a problem.

      I've never created a suid script, but does the script need anything special, such as having the -T flag always set? I think I need to give it some work to make it run in taint mode (most of the common foibles are already dealt with, just sweating the little stuff), but that's a good idea. I'll have to play around with that, I don't think suid scripts are allowed to be run on my server, since we're using the SuExec way. Always an option for someone else though.

       

      -justin simoni
      !skazat!

Re: CGI Script Created Files Playing Nicely
by gildir (Pilgrim) on Apr 27, 2001 at 13:23 UTC
    Put Apache, you and that DB file in the same group (say group 'www') and make this file 660.
    It will be a good idea to make Apache run as a separate user (say user 'apache'), not as nobody. Nobody is used for some other system tasks (NFS,...) and should not be a part of any groups, save for 'nogroup' maybe.

    But there is still a slight security risk that some other malfunctioning CGI script can be fooled into reading/writing this file. This can be solved only by using a setuid/setgid script wrapper.
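
One way to apply the shared-group, mode-660 approach from the reply above in the creating script, as an added example that is not part of any post in this thread. It assumes DB_File is installed; the group name 'www', the file names `prefs.db` and `subscribers.txt`, and the sample values are hypothetical, and a temporary directory stands in for the real list directory.

```perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock :mode);
use DB_File;
use File::Temp qw(tempdir);

# Assumption: in production $dir is the list's data directory, group-owned by
# a shared group (e.g. 'www') containing both the web server user and you.
# A temporary directory stands in for it here so the example runs anywhere.
my $dir = tempdir(CLEANUP => 1);

# 02000 (setgid) makes new files inherit the directory's group;
# 0770 leaves "other" with no access at all, unlike 0777.
chmod 02770, $dir or die "chmod $dir: $!";

# Strip every "other" bit from anything this process creates.
umask 0007;

# Preferences database: the fifth argument to tie is the creation mode.
tie my %prefs, 'DB_File', "$dir/prefs.db", O_RDWR|O_CREAT, 0660, $DB_HASH
    or die "tie prefs.db: $!";
$prefs{list_name} = 'example-list';    # constructed sample value
untie %prefs;

# Subscriber list: sysopen takes an explicit mode, plain open() does not.
sysopen(my $fh, "$dir/subscribers.txt", O_WRONLY|O_APPEND|O_CREAT, 0660)
    or die "sysopen subscribers.txt: $!";
flock($fh, LOCK_EX) or die "flock: $!";
print {$fh} "user\@example.com\n";     # constructed sample address
close $fh or die "close: $!";

# Report what was created and flag anything still reachable by "other".
for my $path ($dir, "$dir/prefs.db", "$dir/subscribers.txt") {
    my @st = stat $path or die "stat $path: $!";
    my $mode  = S_IMODE($st[2]);
    my $group = getgrgid($st[5]) // $st[5];
    printf "%04o group=%-8s %s%s\n", $mode, $group, $path,
        ($mode & S_IRWXO) ? "  <-- open to other" : "";
}
```

With the directory's group set to the shared group, files created by the web server user and by a script run under your own account both end up group-readable and group-writable, with no access for other local users.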