Loading ...
Sorry, an error occurred while loading the content.

Re: [PBML] permissions

Expand Messages
  • merlyn@stonehenge.com
    ... Scott I used Scott $old_umask = umask 0; Scott mkdir( ../path/$form{ newdir } , 0755) or die ... ; Scott umask $old_umask; Scott and it works like a
    Message 1 of 9 , Oct 5, 2003
    View Source
    • 0 Attachment
      >>>>> "Scott" == Scott <mike_nhl@...> writes:

      >> my $old_umask = umask 0;
      >> mkdir "/some/where/out/there", 0777 or die "...";
      >> umask $old_umask;

      Scott> I used

      Scott> $old_umask = umask 0;
      Scott> mkdir("../path/$form{'newdir'}", 0755) or die "...";
      Scott> umask $old_umask;

      Scott> and it works like a charm. Thanks for the script bits. How does this
      Scott> affect security?

      Oooh. Oh dangerous. You're getting the path from a form field?
      That's really, really, bad.

      Please read <http://www.stonehenge.com/merlyn/UnixReview/col48.html>
      for a basic security checklist. You might also want to google
      for "CGI Security" and "Perl CGI Security" for a lot more advice.

      --
      Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
      <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
      Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
      See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
    Your message has been successfully submitted and would be delivered to recipients shortly.