httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <>
Subject Re: tudent/public_html stuff, which would *not* be a good thing.
Date Wed, 05 Jun 1996 20:40:05 GMT
>   I have seen no comments on the latest spin of sucgi.c that I mailed
>   yesterday. I think that restricting execution to the DocumentRoot
>   greatly improves things.
>   Can *you* compromise your system with it?
> So long as *every* executable below DocumentRoot was written with the
> expectation that it would run setuid, and makes appropriate checks, this
> is probably about as good as a CGI-wrapper gets.  However, the notion of
> a single common prefix could get to be restrictive.  One very common
> application of cgi-wrappers is for /~foo/ directories at university
> sites --- if you try to control that with a single common path prefix,
> you'll probably get all the ~student/bin directories swept up with the
> rst

Restrictive is correct. I have in the back of my mind to make
DOC_ROOT a list for my purposes. There may be other ways to
make this fly as well. I'm trying to avoid an on disk config

'~' expansion *should* point to a subdirectory of the user home.
I'm sure that there are sites that give the entire home away.

In my case, public_html directories are linked under the docroot,
so it works for me. As long as I can make sure that every CGI
under docroot runs as some user to whom it belongs, they should
only be able to muck with their own files.

One other thing that I did not mention in my previous mail about
FrontPage.  The FrontPage CGI is the only CGI that I want to allow
in the public_html space. This will require possibly another
config directive.

View raw message