Date: Fri, 22 Jan 2010 09:55:33 -0500
From: DAve <dave.list@pixelhammer.com>
To: 'User Questions' <freebsd-questions@freebsd.org>
Subject: Securing cgi scripts
Message-ID: <4B59BC65.3040905@pixelhammer.com>

Good morning all,

I have been working on an issue here where I am being asked if we can support letting clients install and run their own CGI scripts on a shared vhost. I have tried sbox and cgiwrap, both of which worked, but they cannot stop the one test of reading the /etc/passwd file.

Forgive my ignorance here, but I thought CGIs were gone long ago and have not messed with them in over ten years. If a client really needs a specific CGI script hosted, I check it out thoroughly and install it where they cannot reach it. Those instances are very, very rare.

It looks to me like the only way to keep a client contained is to run their CGIs chrooted. Would this be correct?

DAve

--
"Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it." John Adams

http://appleseedinfo.org