Date: Sun, 15 Jul 2001 04:30:59 -0700 From: "Aaron Namba" <aaron@namba1.com> To: "Nickolay A.Kritsky" <nkritsky@internethelp.ru>, <security@freebsd.org> Subject: RE: Safe CGI scripting Message-ID: <NEBBKJCBCMINPHLGKLHDCEKPHFAA.aaron@namba1.com> In-Reply-To: <84162803008.20010715145411@internethelp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
I'd recommend simply using cgiwrap or suexec (part of apache). suexec is more transparent, but is difficult to troubleshoot. cgiwrap is what it sounds like -- a setuid root wrapper cgi which provides a safe environment in which to execute other cgi's. -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Nickolay A.Kritsky Sent: Sunday, July 15, 2001 3:54 AM To: security@freebsd.org Subject: Safe CGI scripting Hi, All. Has anybody heard of the function in kernel or standart librarys with similiar action: int isinside(const char *path1,const char *path2) that returns 1 if file referenced by path2 is "inside" the directory hierarchy referenced by path1 and 0 in all other cases. If you don't know such functions, I will try to write myself. In that case, can you advice me about the fastest/securest/compatiblest ways i can do this. Thanks for any help. ;--------------------------------------------- ; Nickolay A.Kritsky ; nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NEBBKJCBCMINPHLGKLHDCEKPHFAA.aaron>