Date: Mon, 17 Sep 2001 22:24:51 +0200 From: "Wolfram Schneider" <wosch@cs.tu-berlin.de> To: "Nik Clayton" <nik@freebsd.org> Cc: <www@freebsd.org> Subject: Re: RELNOTESng on Web site Message-ID: <000801c13fbd$298c1660$91929582@vaio-note>
next in thread | raw e-mail | index | archive | help
>> > > i removed your wrapper script because it was to buggy and >> > > insecure. >> > >> > Care to be more specific? >> >> here is your script: >> #!/bin/sh >> # >> # Update the FreeBSD WWW server from the CVS repository. >> # >> # This is small stub script. The script that builds the web tree is also >> # stored in CVS. So simply check out an up to date copy of that script, and >> # then call it. >> >> PATH=/bin:/usr/bin:/usr/local/bin; export PATH >> >> cvs -d /home/ncvs checkout -p www/tools/webupdate > webupdate.run >> >> 1. this flooded my mailbox with useless rcs checkout >> messages. One of the main goals of the webupdate script >> is to avoid useless log messages > >Redirect them, and/or point the www mail somewhere else. I'm happy to >receive and monitor them. One man's useless log message is another >man's reassurance that the process is running correctly. > >> 2. you created a shell script in my private home directory! >> This is silly and insecure. I never give you the permission >> to create or modify files in my home directory on freefall. > >No. I created the script in /usr/local/www/bin. Actually, I copied the >pre-existing script to /usr/local/www/bin/webupdate.org (it's still >there) and modified /usr/local/www/bin/webupdate. > >/usr/local/www != /home/wosch. Nik, cron jobs are executed in the home directory of user who runs the cron job. Your script created temporary files in the current working directory - in my home directory. cvs -d /home/ncvs checkout -p www/tools/webupdate > webupdate.run You can test this by running /bin/pwd in your crontab. /bin/pwd will be executed in your $HOME and not in /bin. IMHO it is a bad idea to create temporary files in /usr/local/www/ or /usr/local/www/bin. Temporary files should be created in a */tmp directory or a build/staging area. Anything else make the life of the system administrator or the security people harder. -Wolfram -- Wolfram Schneider <wosch@FreeBSD.org> http://wolfram.schneider.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-www" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000801c13fbd$298c1660$91929582>