Date:      Fri, 22 Jan 2010 09:55:33 -0500
From:      DAve <>
To:        'User Questions' <>
Subject:   Securing cgi scripts
Message-ID:  <>

Good morning all,

I have been working on an issue here where I am being asked if we can
support letting clients install and run their own CGI scripts on a
shared vhost. I have tried sbox and cgiwrap, both of which worked, but they
cannot stop the one test of reading the /etc/passwd file.

Forgive my ignorance here, but I thought CGIs were gone long ago and
have not messed with them in over ten years. If a client really needs a
specific CGI script hosted, I check it out thoroughly and install it
where they cannot reach it. Those instances are very very rare.

It looks to me like the only way to keep a client contained is to run
their CGIs chrooted. Would this be correct?

"Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Adams
