At 02:37 PM 5/28/96 +0100, new-httpd@hyperreal.com wrote:
>Anyone got any views on the best/right/etc CGI wrapper to use?
Not sure about the best or the right one, but Malcolm Beattie's safecgiperl
seems to be a good approach (for perl scripts). It does the set*id stuff,
along with executing the script in a 'safe compartment', which uses the Safe
module to disable potentially evil functions such as system(), exec(), etc.
It also provides a "Safe" version of a few functions including open(), where
the script can only write files to a certain area in the user's home
directory. Piping via this version of open() is disabled.
>
>Do any of them use chroot() [he says, being extra paranoid]?
This is disabled with safecgiperl.
-Doug
>
>Cheers,
>
>Ben.
>
>--
>Ben Laurie Phone: +44 (181) 994 6435
>Freelance Consultant and Fax: +44 (181) 994 6472
>Technical Director Email: ben@algroup.co.uk
>A.L. Digital Ltd, URL: http://www.algroup.co.uk
>London, England.
>
>
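
The compartment approach described in the reply above, as an added example that is not part of the original thread and is not safecgiperl's own code. It uses Perl's Safe module with its default operator mask; the `safe_write` helper, its file-name rule and the temporary directory standing in for the user's writable area are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;
use File::Temp qw(tempdir);

# Stand-in for the writable area in the user's home directory (constructed).
my $area = tempdir(CLEANUP => 1);

# Hypothetical restricted writer: plain file names only and a three-argument
# open, so "|cmd" or "../x" can never start a pipe or leave $area.
sub safe_write {
    my ($name, $data) = @_;
    die "refused file name\n"
        unless defined $name && $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;
    open(my $fh, '>', "$area/$name") or die "open failed: $!\n";
    print {$fh} $data;
    close($fh) or die "close failed: $!\n";
    return 1;
}

my $cpt = Safe->new;          # default mask: system, exec, open, chroot are not permitted
$cpt->share('&safe_write');   # the only file access offered to the script

# Constructed sample script bodies, each compiled inside the compartment.
my @cases = (
    [ 'system()',            q{ system("id") } ],
    [ 'exec()',              q{ exec("/bin/sh") } ],
    [ 'backticks',           q{ my $out = `id` } ],
    [ 'raw open()',          q{ open(FH, ">/tmp/x") } ],
    [ 'chroot()',            q{ chroot("/") } ],
    [ 'safe_write, plain',   q{ safe_write("notes.txt", "hello\n") } ],
    [ 'safe_write, pipe',    q{ safe_write("| mail x", "hello\n") } ],
    [ 'safe_write, dot-dot', q{ safe_write("../escape", "hello\n") } ],
);

for my $case (@cases) {
    my ($label, $code) = @$case;
    my $ok = $cpt->reval($code);          # undef plus $@ when an op is masked
    (my $err = $@) =~ s/\s+at \(eval.*//s;
    $err =~ s/\s+\z//;
    printf "%-20s %s\n", $label, $ok ? 'allowed' : "blocked: $err";
}
```

Masked operators are rejected when the script is compiled inside the compartment, so a blocked call never runs; the shared helper is compiled outside the compartment, which is why it may call open() itself.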