RE: Safe CGI scripting
From: Aaron Namba (aaron@namba1.com)
Date: 07/15/01
- Next message: Mikhail Teterin: "Re: FYI: mx2.FreeBSD.org listed by ORBS"
- Previous message: Nickolay A.Kritsky: "Safe CGI scripting"
- In reply to: Nickolay A.Kritsky: "Safe CGI scripting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Aaron Namba" <aaron@namba1.com> To: "Nickolay A.Kritsky" <nkritsky@internethelp.ru>, <security@freebsd.org> Date: Sun, 15 Jul 2001 04:30:59 -0700
I'd recommend simply using cgiwrap or suexec (part of apache). suexec is
more transparent, but is difficult to troubleshoot. cgiwrap is what it
sounds like -- a setuid root wrapper cgi which provides a safe environment
in which to execute other cgi's.
-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Nickolay
A.Kritsky
Sent: Sunday, July 15, 2001 3:54 AM
To: security@freebsd.org
Subject: Safe CGI scripting
Hi, All.
Has anybody heard of the function in kernel or standart librarys with
similiar action:
int isinside(const char *path1,const char *path2)
that returns 1 if file referenced by path2 is "inside" the directory
hierarchy referenced by path1 and 0 in all other cases.
If you don't know such functions, I will try to write myself. In that
case, can you advice me about the fastest/securest/compatiblest ways i
can do this.
Thanks for any help.
;---------------------------------------------
; Nickolay A.Kritsky
; nkritsky@internethelp.ru
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Mikhail Teterin: "Re: FYI: mx2.FreeBSD.org listed by ORBS"
- Previous message: Nickolay A.Kritsky: "Safe CGI scripting"
- In reply to: Nickolay A.Kritsky: "Safe CGI scripting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
