Date: Tue, 20 Oct 1998 18:26:01 +0800 (WST)
From: Dean Hollister
To: Jason McKay
cc: questions@FreeBSD.ORG
Subject: Re: CGI Security Questions
In-Reply-To: <2.2.32.19981020101923.00694cb0@webace.com.au>

On Tue, 20 Oct 1998, Jason McKay wrote:

> A couple of our users want their own CGI directory, therefore I have a
> couple of quick questions:
>
> 1. How do I specify more than one cgi-bin directory?
> 2. I have some worries about security, by default are CGI scripts allowed to
> exec root only programs? what's to stop a user from uploading a CGI script
> that can do damage to the system?

Compile and install suexec. Make sure the binary is in the same directory
as the httpd binary and its permissions are set correctly (suid).

suexec will allow users to run .cgi programs in their native web pages. But
the important factor is that such programs/scripts run as the *user* and
not root or any other administrative user.

Regards,

d.

+-------------------------------------------------------+
| Dean Hollister,           | dean@mushka.ml.org        |
| Perth, Western Australia. | dean@wa.apana.org.au      |
+-------------------------------------------------------+
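
One way to audit the two conditions named in the reply above (suexec beside the httpd binary, setuid bit set), as an added example that is not part of the original message. The function name `check_suexec`, its optional owner-uid argument, and the extra root-ownership and group/other-writable checks are assumptions added here.

```shell
#!/bin/sh
# Added example (not from the original message).
# check_suexec HTTPD_PATH [OWNER_UID]
#   HTTPD_PATH  path to the httpd binary; suexec is expected beside it
#   OWNER_UID   uid that must own suexec (assumption: defaults to 0, root)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_suexec() {
    httpd=$1
    want_uid=${2:-0}
    wrapper=$(dirname "$httpd")/suexec
    bad=0

    if [ ! -f "$httpd" ]; then
        echo "FAIL: httpd binary not found at $httpd"
        return 1
    fi
    if [ ! -f "$wrapper" ]; then
        echo "FAIL: no suexec beside httpd (expected $wrapper)"
        return 1
    fi

    # Without the setuid bit the wrapper cannot switch to the script's owner.
    if [ ! -u "$wrapper" ]; then
        echo "FAIL: $wrapper is not setuid"
        bad=1
    fi

    # ls -ldn prints: mode links uid gid ...; keep the 10 mode characters.
    set -- $(ls -ldn "$wrapper")
    mode=$(printf '%s' "$1" | cut -c1-10)
    if [ "$3" != "$want_uid" ]; then
        echo "FAIL: $wrapper owned by uid $3, expected $want_uid"
        bad=1
    fi

    # A setuid binary that group or others can write to can be replaced.
    case $mode in
        ?????w*|????????w*)
            echo "FAIL: $wrapper is group- or world-writable ($mode)"
            bad=1 ;;
    esac

    if [ "$bad" -eq 0 ]; then
        echo "OK: $wrapper ($mode, uid $3)"
    fi
    return "$bad"
}
```

Call it as `check_suexec /path/to/httpd` on the server; the second argument exists only so the check can be exercised without root.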