[Clipart] Site fixup work
Nathan Eady
eady at galion.lib.oh.us
Fri Nov 11 11:27:10 PST 2005
Bryce Harrington wrote:
>> 2. Which of the upload*.cgi files do we actually need? (Remove the
>> ones that are not needed.) [jonadab]
The one we need most is upload_svg.cgi, but we also were using
upload_screenshot.cgi, although it really is not essential.
>> 4. (DONE) Review submit.php for security vunerabilities [kees]
>
> -- submit.php had some bad security issues. It appears to not be
> used anywhere though, so has been disabled.
submit.php was the original, non-metadata-aware upload facility;
as far as I am aware we do not need it any longer, so if it has
security issues, leaving it disabled is probably the right choice.
>> 2. (DONE) Restore the group and other read permissions for the incoming dir [bryce]
>> 3. Remove exec permissions from all files in all the incoming dirs []
>
> -- Probably not necessary as it won't do much good. The upload
> scripts should be modified to use a umask that doesn't give
> exec permissions.
I have been given to understand from what someone else here said
that PHP will happily execute files that don't have the execute bit
set. Is that true, and if so isn't there any way to fix that, or
disable PHP for the incoming dirs?
Regarding the things I need to do: I have a mostly-working system
built on my workstation now, so once I copy over my data from the
old drive (including my private key), I should be able to log in
to the server again, do CVS, and so forth. Early next week, maybe.
It sure will be nice to be back in action.
More information about the clipart
mailing list