Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 22 Jan 2010 09:55:33 -0500
From:      DAve <dave.list@pixelhammer.com>
To:        'User Questions' <freebsd-questions@freebsd.org>
Subject:   Securing cgi scripts
Message-ID:  <4B59BC65.3040905@pixelhammer.com>

Next in thread | Raw E-Mail | Index | Archive | Help
Good morning all,

I have been working on an issue here where I am being asked if we can
support letting clients install and run their own CGI scripts on a
shared vhost. I have tried sbox and cgiwrap, both which worked, but they
cannot stop the one test of reading the /etc/passwd file.

Forgive my ignorance here, but I thought CGIs were gone long ago and
have not messed with them in over ten years. If a client really needs a
specfic CGI script hosted, I check it out thoroughly and install it
where they cannot reach it. Those instances are very very rare.

It looks to me like the only way to keep a client contained is to run
their CGIs chrooted. Would this be correct?

DAve
-- 
"Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Adams

http://appleseedinfo.org




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4B59BC65.3040905>