Date:      Mon, 10 Sep 2001 21:13:58 +0200
From:      Wolfram Schneider <wosch@freebsd.org>
To:        Nik Clayton <nik@freebsd.org>
Cc:        Wolfram Schneider <wosch@cs.tu-berlin.de>, Dima Dorfman <dima@unixfreak.org>, bmah@freebsd.org, www@freebsd.org
Subject:   Re: RELNOTESng on Web site
Message-ID:  <20010910211358.A21159@freno.cs.tu-berlin.de>
In-Reply-To: <20010903134831.Q46201@clan.nothing-going-on.org>; from nik@FreeBSD.ORG on Mon, Sep 03, 2001 at 01:48:31PM +0100
References:  <20010821104242.B93901@clan.nothing-going-on.org> <20010831154356.9CFA23E35@bazooka.unixfreak.org> <20010831171735.M46201@clan.nothing-going-on.org> <20010902150220.B19172@freno.cs.tu-berlin.de> <20010903134831.Q46201@clan.nothing-going-on.org>

On 2001-09-03 13:48:31 +0100, Nik Clayton wrote:
> Wolfram,
> 
> On Sun, Sep 02, 2001 at 03:02:21PM +0200, Wolfram Schneider wrote:
> > > > >     /usr/local/www/bin/webupdate now checks out www/tools/webupdate in
> > > > >     to the same directory as "webupdate.run".
> > > > 
> > > > This doesn't seem to be the case anymore.  It seems that
> > > > /usr/local/www/bin/webupdate was replaced with whatever was there
> > > > before you did anything:
> > > > 
> > > > 	dd@freefall% cd /usr/local/www/bin
> > > > 	dd@freefall% ls -l webupdate
> > > > 	-rwxrwxr-x  1 wosch  www  781 Aug 28 10:30 webupdate
> > > >                                      ^^^^^^^^^^^^^^
> > > > Is there a reason why?  From the logs, it seems that webupdate was
> > > > doing just fine with its work.
> > > 
> > > Not a clue.
> > > 
> > > Wolfram?  Any ideas?
> > 
> > Nik,
> > 
> > I removed your wrapper script because it was too buggy and
> > insecure.
> 
> Care to be more specific?

Here is your script:
#!/bin/sh
#
# Update the FreeBSD WWW server from the CVS repository.
#
# This is small stub script.  The script that builds the web tree is also
# stored in CVS.  So simply check out an up to date copy of that script, and
# then call it.
 
PATH=/bin:/usr/bin:/usr/local/bin; export PATH
 
cvs -d /home/ncvs checkout -p www/tools/webupdate > webupdate.run

	1. This flooded my mailbox with useless rcs checkout
           messages. One of the main goals of the webupdate script
           is to avoid useless log messages.

	2. You created a shell script in my private home directory!
           This is silly and insecure. I never gave you permission
           to create or modify files in my home directory on freefall.

sh webupdate.run
rm webupdate.run

	3. You are removing a file in my home directory. See 2)


This gave me the impression that you never tested the
wrapper.  And because it runs with my uid and under my responsibility,
I reverted the script to the old stable version.

For some days now, the webupdate script has run under the uid
www. I hope next time you will be a little bit more careful when
you change an administration script.

And please, keep your hands off my account on freefall.


-Wolfram

-- 
Wolfram Schneider <wosch@FreeBSD.org> http://wolfram.schneider.org
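
The three objections in the message above (checkout chatter mailed by cron, a fixed file name created and removed in the invoking account's current directory, and the job running under a personal uid) map directly onto a safer stub. The following is an added example, not code from the original message or from the FreeBSD project; the function name `run_fetched_script`, its uid argument and the use of `mktemp` are assumptions of this example, and `cvs -Q` is CVS's standard "really quiet" global option.

```shell
#!/bin/sh
# Added example (not from the original e-mail): fetch a build script and run it
# without touching the caller's directory. Hypothetical usage from cron:
#   run_fetched_script "$(id -u www)" \
#       cvs -Q -d /home/ncvs checkout -p www/tools/webupdate

run_fetched_script() (
    expected_uid=$1
    shift

    # Refuse to run under a personal account; only the service uid may proceed.
    if [ "$(id -u)" != "$expected_uid" ]; then
        echo "refusing to run as uid $(id -u); expected $expected_uid" >&2
        exit 1
    fi

    # Private scratch directory (mode 0700, unpredictable name) instead of a
    # fixed file name in the current directory, which under cron is $HOME.
    umask 077
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/webupdate.XXXXXX") || exit 1
    trap 'rm -rf "$workdir"' EXIT
    trap 'exit 1' HUP INT TERM

    # Fetch the script. Its stderr chatter is kept in a log and shown only
    # when the fetch fails, so a successful cron run mails nothing.
    if ! "$@" > "$workdir/webupdate.run" 2> "$workdir/fetch.log"; then
        cat "$workdir/fetch.log" >&2
        exit 1
    fi

    # A failed or truncated checkout must not be executed.
    if [ ! -s "$workdir/webupdate.run" ]; then
        echo "fetched script is empty; not running it" >&2
        exit 1
    fi

    sh "$workdir/webupdate.run"
    status=$?
    exit "$status"   # explicit exit so the EXIT trap removes $workdir
)
```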
