httpd-users mailing list archives

From Zac Stevens <...@cryptocracy.com>
Subject Re: [users@httpd] Re: CGI - Disable #!/bin/sh
Date Sun, 24 Nov 2002 13:22:04 GMT
On Mon, Nov 25, 2002 at 12:11:10AM +1100, Steve wrote:
> Ok, I've been looking around the net on how to make cgi secure so you can give
> it to untrusted users..
> 
> I've heard of a sbox that allows this.. anyone else heard of it?
> 
> or anyone know where there are any other things that can help?

Yes, searching the archives would be a good start.  You can read about it
at http://stein.cshl.org/~lstein/sbox/

Sbox or suexec are, in my opinion, essential for web hosting environments.
Running everything as a sandboxed user (eg, "nobody", or "http") might
protect your system, but it won't protect your customers from each other.

Both suexec and sbox work by extending the unix security model to the
webserver environment.

To be perfectly frank, from the nature of the questions you've been asking
the past week or so I think you'd be best served by getting hold of a unix
administration book with a good section on local security.  Once you
understand the fundamentals, you'll find much of the web-specific stuff to
be self-evident.

HTH,


Zac

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
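
Added illustration, not part of the original message and not code from suexec or sbox: a C sketch of the ownership and permission checks a per-user CGI wrapper can make before it switches to the script owner's account, which is what "extending the unix security model" to the web server amounts to. The function name, the MIN_ID threshold and the sample stat values are assumptions made for this example.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Assumed policy value for this sketch: lowest uid/gid allowed to run CGI. */
#define MIN_ID 500u

enum verdict { CGI_OK = 0, CGI_SYSTEM_ACCOUNT, CGI_WRONG_OWNER,
               CGI_WRITABLE_BY_OTHERS, CGI_SETID_BIT };

/* Decide whether a script may be run as (uid, gid), given its stat data.
 * Hypothetical helper: a real wrapper would also check the containing
 * directory and clean the environment before dropping privileges. */
enum verdict cgi_target_check(const struct stat *st, uid_t uid, gid_t gid)
{
    if (uid < MIN_ID || gid < MIN_ID)
        return CGI_SYSTEM_ACCOUNT;      /* never root or a system account */
    if (st->st_uid != uid || st->st_gid != gid)
        return CGI_WRONG_OWNER;         /* script must belong to the account it runs as */
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return CGI_WRITABLE_BY_OTHERS;  /* another local user could replace it */
    if (st->st_mode & (S_ISUID | S_ISGID))
        return CGI_SETID_BIT;           /* no privilege changes behind the wrapper */
    return CGI_OK;
}

int main(void)
{
    /* Constructed sample: a script owned by uid/gid 1001 with mode 0755. */
    struct stat st = {0};
    st.st_mode = 0755;
    st.st_uid = 1001;
    st.st_gid = 1001;

    printf("owner's own request:     %d\n", cgi_target_check(&st, 1001, 1001));
    printf("request as another user: %d\n", cgi_target_check(&st, 1002, 1002));
    st.st_mode = 0777;
    printf("world-writable script:   %d\n", cgi_target_check(&st, 1001, 1001));
    return 0;
}
```

Only after checks like these pass would a wrapper drop to the target gid and uid and exec the script, so each customer's CGI runs with that customer's file permissions and nothing more.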

