On Tue, 03 Dec 2002 13:58:42 -0700, "Jason R. Mastaler"
<[EMAIL PROTECTED]> wrote:
> A few questions about your changes to CRYPT_KEY_FILE in Defaults.py.
>
> Your code allows any file permissions on crypt_key if CGI_ACTIVE is
> enabled. Is this a good idea? The check is there to reduce the user's
> key from being uncovered.
Gah. Ya know, if I screw this edit up one more time, I think I'm
going to scream. You're totally correct. I should not be sabotaging
the 400/600 exception at all.
Sorry about that. I'll try to check it more carefully next time.
> Your code allows a missing crypt_key if CGI_ACTIVE is enabled. Why?
> crypt_key is necessary for TMDA to work.
I have to keep this exception from being raised when running the CGI
in no-su mode.
For those of you not following the tmda-gui list, no-su mode is where
they set the CGI up to run totally unprivileged. Instead of stepping
up the privileges on the CGI, they step down the permissions on the
pending and configuration files so they can be read by the nobody
group.
The CGI doesn't need to know the value of your crypt_key because it is
never used in pending list processing -- so 600 and 400 permissions
are okay on crypt_key. HOWEVER, Defaults.py must successfully load so
I can have access to the config file. If you raise an exception while
importing it, even at the end, then you will not be able to access any
values set by the module.
Defaults.py, as it was written would fail if you couldn't read the
crypt_key and since the CGI was running as nobody, it couldn't.
The only solution I can see is to keep the exception from being raised
when running the CGI. I did this by checking to see if the user was
configured to run the CGI. I guess that is over-inclusive since there
are times when you are configured to run a CGI but you are not
actually running one.
How about I remove the first check (the 400/600 test) and change the
second check to:
try:
CRYPT_KEY =
binascii.unhexlify(open(CRYPT_KEY_FILE).read().strip())
except IOError:
if not os.environ.has_key("SCRIPT_NAME"): raise
That way we will raise an exception at any time we are not running the
CGI. Better?
Gre7g.
_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
