httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From do...@osf.org (Doug MacEachern)
Subject Re: Opinions on CGI wrappers?
Date Tue, 28 May 1996 15:49:41 GMT
At 02:37 PM 5/28/96 +0100, new-httpd@hyperreal.com wrote:
>Anyone got any views on the best/right/etc CGI wrapper to use?

Not sure about the best or the right one, but Malcolm Beattie's safecgiperl
seems to be a good approach (for perl scripts).  It does the set*id stuff,
along with executing the script in a 'safe compartment', which uses the Safe
module to disable potentially evil functions such as system(), exec(), etc.
It also provides a "Safe" version of a few functions including open(), where
the script can only write files to a certain area in the user's home
directory.  Piping via this version of open() is disabled.  

>
>Do any of them use chroot() [he says, being extra paranoid]?

This is disabled with safecgiperl.

-Doug

>
>Cheers,
>
>Ben.
>
>-- 
>Ben Laurie                  Phone: +44 (181) 994 6435
>Freelance Consultant and    Fax:   +44 (181) 994 6472
>Technical Director          Email: ben@algroup.co.uk
>A.L. Digital Ltd,           URL: http://www.algroup.co.uk
>London, England.
>
>


Mime
View raw message