Loading ...
Sorry, an error occurred while loading the content.

Re: [PBML] permissions

Expand Messages
  • Scott
    ... I used $old_umask = umask 0; mkdir( ../path/$form{ newdir } , 0755) or die ... ; umask $old_umask; and it works like a charm. Thanks for the script bits.
    Message 1 of 9 , Oct 4, 2003
    • 0 Attachment
      > my $old_umask = umask 0;
      > mkdir "/some/where/out/there", 0777 or die "...";
      > umask $old_umask;

      I used

      $old_umask = umask 0;
      mkdir("../path/$form{'newdir'}", 0755) or die "...";
      umask $old_umask;

      and it works like a charm. Thanks for the script bits. How does this
      affect security?
    • merlyn@stonehenge.com
      ... Scott I used Scott $old_umask = umask 0; Scott mkdir( ../path/$form{ newdir } , 0755) or die ... ; Scott umask $old_umask; Scott and it works like a
      Message 2 of 9 , Oct 5, 2003
      • 0 Attachment
        >>>>> "Scott" == Scott <mike_nhl@...> writes:

        >> my $old_umask = umask 0;
        >> mkdir "/some/where/out/there", 0777 or die "...";
        >> umask $old_umask;

        Scott> I used

        Scott> $old_umask = umask 0;
        Scott> mkdir("../path/$form{'newdir'}", 0755) or die "...";
        Scott> umask $old_umask;

        Scott> and it works like a charm. Thanks for the script bits. How does this
        Scott> affect security?

        Oooh. Oh dangerous. You're getting the path from a form field?
        That's really, really, bad.

        Please read <http://www.stonehenge.com/merlyn/UnixReview/col48.html>
        for a basic security checklist. You might also want to google
        for "CGI Security" and "Perl CGI Security" for a lot more advice.

        --
        Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
        <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
        Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
        See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
      Your message has been successfully submitted and would be delivered to recipients shortly.