Re: Policing user CGI scripts
chris_at_nospam.com
Date: 07/05/04
- Previous message: Walter Roberson: "Re: Policing user CGI scripts"
- In reply to: Akop Pogosian: "Policing user CGI scripts"
Date: Sun, 04 Jul 2004 22:43:44 GMT
On Sun, 4 Jul 2004 17:20:47 +0000 (UTC), Akop Pogosian
<akopps+usenet@ocf.berkeley.edu.remuvthis.com> wrote:
>Does there exist a security tool that can be used to scan the user
>home directories for presence of the versions of popular, freely
>distributed CGI or .php scripts that have well known security
>problems? Of course, if such tool could also look for the dangerous
>code in general that would be even better.
>
>
>-akop
While looking for known vulnerable cgi-scripts is a good idea, it's
not a complete solution. How do you handle poorly written scripts
created by users?
Best bet is to limit the environment and control what damage any
errant script can do. As another poster stated, proper firewall
controls are a good idea. Setting up the webserver to run cgi-scripts
as a safe user is vital. I know at least one provider that runs all
cgi-scripts under a single account which allows scripts to see other
users' files (horrible idea).
-Chris
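
The exposure described in the reply above can be checked from file modes. This is an added example, not part of the original post or of any tool mentioned in the thread: a Python check that lists which files under users' home directories one shared CGI account could read or write, judged from POSIX mode bits only. The uid offset, directory names and modes are constructed sample values, and `exposed_files` and `build_sample_tree` are hypothetical helper names.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) the account gets from the mode bits; ACLs are ignored."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7   # owner class
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7   # group class
    return st.st_mode & 7              # other class

def exposed_files(home_root, cgi_uid, cgi_gids=frozenset()):
    """Map relative path -> 'r', 'w' or 'rw' for files the shared CGI account can reach."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(home_root):
        # Without search (x) permission on a directory nothing below it is reachable.
        dirnames[:] = [d for d in dirnames if class_bits(
            os.lstat(os.path.join(dirpath, d)), cgi_uid, cgi_gids) & 1]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or st.st_uid == cgi_uid:
                continue   # skip symlinks/devices and the account's own files
            bits = class_bits(st, cgi_uid, cgi_gids)
            access = ("r" if bits & 4 else "") + ("w" if bits & 2 else "")
            if access:
                found[os.path.relpath(path, home_root)] = access
    return found

def build_sample_tree():
    """Constructed sample: two users' home directories (not data from the post)."""
    root = tempfile.mkdtemp(prefix="homes-")
    layout = {"alice/": 0o755, "alice/public_html/": 0o755,
              "alice/public_html/config.php": 0o644,
              "alice/public_html/upload.cgi": 0o777, "alice/private.key": 0o600,
              "bob/": 0o755, "bob/public_html/": 0o750,
              "bob/public_html/secret.txt": 0o644}
    for rel, mode in layout.items():   # parents are listed before their children
        path = os.path.join(root, rel)
        if rel.endswith("/"):
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    print(exposed_files(build_sample_tree(), os.getuid() + 12345))  # hypothetical shared CGI uid
```

With per-user execution (each script running under its owner's uid), users can set their web files to mode 0600 or 0700 and this report comes back empty for every other account.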