MiniVend Akopia Services
[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] cgi inf ACTION="/cgi-bin/flycat/process" not found

On Sat, Nov 20, 1999 at 09:24:33PM -0500, Charles Cummings wrote:
> ******    message to minivend-users from Charles Cummings <webmaster@objectivesolutions.net>     ******

/process is PATH_INFO.  There is no such file.

> Thanks.  This is a step in the right direction, but the "flycat" cgi is in a directory that has other
> cgis that work fine, so I believe the permissions are ok.
> 
> Here they are:
> 
>     The permissions for flycat are: -rwsr-xr-x   1 webmaste webmaste    26685 Nov 20 09:55 flycat
>     The permissions for the cgi-bin directory are: drwxrwxrwx   2 webmaste webmaste     1024 Nov 20
> 09:55 cgi-bin

I've never used flycat. I'm surprised it is a file of its own; that
seems very "unminvendish" and I'd have expected just pages and 
perhaps a different script path.  Someone else can correct me please.

HOWEVER,...
Those permissions, are, well, "permissive".  Anyone can write to or modify
anything in your cgi-bin.  Who has access to your machine?

Your flycat runs SUID webmaster, so if it runs at all minivend has access
to everything webmaster has.  If minivend was installed as another
user, it might not run at all.

This, for example, is what our vlink (debian linux) looks like:
-r-sr-x---    1 minivend nogroup     11622 Nov 17 11:41 /usr/cgi/mvend314
Our web servers run nobody:nogroup.  Minivend is another userid.
We don't use cgi-bin.

cfm


-- 

Christopher F. Miller, Publisher                             cfm@maine.com
MaineStreet Communications, Inc         208 Portland Road, Gray, ME  04039
1.207.657.5078                                       http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.
Search for: Match: Format: Sort by: