[ee122] file permissions and file handling
Daniel Killebrew
dank at eecs.berkeley.edu
Sat Oct 27 17:10:17 PDT 2007
Davide Cerri wrote:
> Hello,
> I thought to use stat to check for the file information, but the man page show
>
> #define S_IFMT 0170000 /* type of file */
> #define S_IFIFO 0010000 /* named pipe (fifo) */
> #define S_IFCHR 0020000 /* character special */
> #define S_IFDIR 0040000 /* directory */
> #define S_IFBLK 0060000 /* block special */
> #define S_IFREG 0100000 /* regular */
> #define S_IFLNK 0120000 /* symbolic link */
> #define S_IFSOCK 0140000 /* socket */
> #define S_IFWHT 0160000 /* whiteout */
> #define S_ISUID 0004000 /* set user id on execution */
> #define S_ISGID 0002000 /* set group id on execution */
> #define S_ISVTX 0001000 /* save swapped text even after use */
> #define S_IRUSR 0000400 /* read permission, owner */
> #define S_IWUSR 0000200 /* write permission, owner */
> #define S_IXUSR 0000100 /* execute/search permission, owner */
>
> How can we check for world access?
> I am assuming that we are allowed to send only world readable files to
> the clients.
>
If I (ee122-tb) am executing your http_server, it will be running under
my permissions. So it should be able to send out any files that ee122-tb
can read. So the answer is no, it should send files that it is allowed
to read. Unix will enforce the filesystem permissions. You need to
determine whether to send a
403 Forbidden
or
404 Not Found
error to the client.
> Also? the specs says that we only look for files starting from the web
> server directory?
> any hint on how to handle that? should we calculate that by parsing
> the path and checking for ../ occurrences?
>
That might work... Note that just counting the number of ../ occurrences
is not quite a correct solution. As to why, I leave that to you to
determine :)
Daniel
> thanks,
>
>
>
More information about the ee122
mailing list