Pine controversy

Joe Mabel jmabel at saltmine.com
Wed Sep 30 08:25:30 PDT 1998


So under CGI on Unix, is there no equivalent of Microsoft NT's 
"impersonation token" which lets an ISAPI server run temporarily with the 
permissions of a particular user?

-----Original Message-----
From:	Rod Clark [SMTP:bb615 at scn.org]
Sent:	Tuesday, September 29, 1998 7:14 PM
To:	Al Boss
Cc:	scn at scn.org
Subject:	Re: Pine controversy

> I would have thought that the SCN Web-based outgoing mail
> function would be run from our own CGI script in tandem with
> sendmail, not too different than the well-functioning formmail
> script with which you're well-acquainted.

Al,

   The form.cgi and sendform.cgi scripts that SCN uses for
e-mail forms processing through sendmail are familiar to me
because I wrote them. But sending mail is the easy part, because
for one thing it doesn't have to deal with any existing files
with private user permissions.

   SCN is also messy because of Freeport. From what I
understand, that's why it took the Hardware/Software people so
long to get Pine working. The Freeport code was apparently so
impenetrable that they finally just left it like it was, rather
than trying to revise it to work with standard Pine. So the Pine
and POP implementations were warped around to fit Freeport,
instead of vice versa, with mixed results in the case of a few
Pine functions.

   The thing that's most problematic about Web-based e-mail
retrieval is that dealing with people's private files through
CGI is harder than it sounds. For security reasons, CGI scripts
typically run as some innocuous user ID like 'nobody', to avoid
problems that could occur with a CGI script that would have
access to any file in any user's account. That's what this kind
of program would have to have, in order to manage the files in
the users' accounts. Otherwise it would be read-only and the
users' mail would continue to pile up indefinitely. Even then,
such a program couldn't even read everyone's private mail files,
let alone write and delete them, without having seriously more
than the minimal permissions that CGI scripts running on SCN now
have.

   This makes security critical with such an application. Then
you have to take into account that the file locking and other
aspects of the system aren't going to work right sometimes, no
matter what it says in the documentation. So it's not easy to
make something like this work as absolutely reliably as it would
have to, and to be as secure as it would have to be, so that it
would work 100% of the time under all sorts of anomalous
conditions. That may be one reason why you see only a limited
number of companies providing Web-based e-mail services like
this to many other organizations.

   From what I hear, your planet is a wonderful place to visit
except for the giant poisonous spiders and a few uncouth
humanoid species roaming around. Well, take care. See you later.

Rod

* * * * * * * * * * * * * *  From the Listowner  * * * * * * * * * * * *
.	To unsubscribe from this list, send a message to:
majordomo at scn.org		In the body of the message, type:
unsubscribe scn
END



