From: "Aaron Namba"
To: "Nickolay A.Kritsky"
Subject: RE: Safe CGI scripting
Date: Sun, 15 Jul 2001 04:30:59 -0700
In-Reply-To: <84162803008.20010715145411@internethelp.ru>
Sender: owner-freebsd-security@FreeBSD.ORG

I'd recommend simply using cgiwrap or suexec (part of apache). suexec is
more transparent, but is difficult to troubleshoot. cgiwrap is what it
sounds like -- a setuid root wrapper cgi which provides a safe environment
in which to execute other cgi's.

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Nickolay A.Kritsky
Sent: Sunday, July 15, 2001 3:54 AM
To: security@freebsd.org
Subject: Safe CGI scripting

Hi, All.

Has anybody heard of the function in kernel or standard libraries with
similar action:

int isinside(const char *path1,const char *path2)

that returns 1 if file referenced by path2 is "inside" the directory
hierarchy referenced by path1 and 0 in all other cases. If you don't know
such functions, I will try to write myself.
In that case, can you advise me about the
fastest/securest/compatiblest ways I can do this.

Thanks for any help.

;---------------------------------------------
;  Nickolay A.Kritsky
;  nkritsky@internethelp.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
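
An added example, not part of the original thread and not a FreeBSD library function: one way to write the isinside() check asked about above, using POSIX realpath() to canonicalise both paths before comparing them. The helper isinside_demo() and its temporary directory tree are constructed here for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath(), mkdtemp(), symlink() */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path2 resolves to path1 or to something beneath it, else 0.
 * Both must exist; any resolution failure counts as "not inside". */
int isinside(const char *path1, const char *path2)
{
    char base[PATH_MAX], target[PATH_MAX];
    size_t n;
    /* Canonicalise first: realpath() resolves symlinks, "." and "..". */
    if (!realpath(path1, base) || !realpath(path2, target))
        return 0;
    n = strlen(base);
    if (n == 1)                       /* base is "/": everything is inside */
        return 1;
    if (strncmp(base, target, n) != 0)
        return 0;
    /* Component boundary, so ".../www" does not match ".../www2". */
    return target[n] == '\0' || target[n] == '/';
}

/* Constructed tree under a fresh temp dir: www/cgi, www2, and a symlink
 * www/out -> www2. Returns one bit per check (bit set = "inside"). */
int isinside_demo(void)
{
    char t[] = "/tmp/isinside.XXXXXX", a[PATH_MAX], b[PATH_MAX], c[PATH_MAX];
    int r = 0;

    if (!mkdtemp(t)) return -1;
    snprintf(a, sizeof a, "%s/www", t);     mkdir(a, 0700);
    snprintf(b, sizeof b, "%s/www2", t);    mkdir(b, 0700);
    snprintf(c, sizeof c, "%s/www/out", t); if (symlink(b, c)) return -1;
    snprintf(c, sizeof c, "%s/www/cgi", t); mkdir(c, 0700);

    r |= isinside(a, c) << 0;               /* www/cgi: inside      */
    r |= isinside(a, b) << 1;               /* www2: sibling prefix */
    snprintf(c, sizeof c, "%s/www/out", t);
    r |= isinside(a, c) << 2;               /* symlink escapes      */
    snprintf(c, sizeof c, "%s/www/cgi/../../www2", t);
    r |= isinside(a, c) << 3;               /* ".." escapes         */
    return r;                               /* expected: 1          */
}
```

The result is only valid at the moment of the call: if another process can rename or replace a path component afterwards, the check and a later open() can disagree. The demo leaves its temporary directory in place.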