Hello security experts!
On our web server (Apache 1.3) we are running CGIs. Can anyone tell me
something about security problems with that? The CGIs are Perl scripts and
we are running virtual hosts.
Bye,
Jan
--
I am setting up a Linux/Apache server for teaching a class in CGI and
Perl. I want to make the server reasonably secure so that students
can't hack the system and they also can't read/write in each other's
areas. This server will be dedicated to student accounts.
Departmental accounts will all be on a different machine.
I welcome any comments or suggestions on the best way to do this.
One thought I had was to create two accounts for each student: their
normal user account (juser) and a phantom account (juser_nobody). I
would then put juser and juser_nobody in the same group: juser_group
and make this juser's primary group. The only extra privilege that
juser_nobody has is membership in this group. The students' scripts
would always run (via cgiwrap or the equivalent) as juser_nobody.
That way each student can tailor the CGI access in their own area by
setting the group permissions on files and directories and yet be
denied access to other areas the same way that "nobody" is.
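
The file modes this two-account scheme depends on, as an added example that is not part of the original post: it applies the modes to one student's area and audits for any permission left open to "other", which is what keeps a different student's juser_nobody-style account out. The `cgi-bin/` and `data/` layout and the function names are assumptions; the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example. juser, juser_nobody and juser_group are the post's names;
# the cgi-bin/ and data/ layout and both function names are assumptions.

# Set the modes the scheme depends on. Group ownership by juser_group
# (chgrp -R juser_group "$area") needs the real accounts and root, so it
# is left out here to keep the example runnable as an ordinary user.
apply_scheme() {
    area=$1
    chmod 750 "$area" "$area/cgi-bin"      # juser rwx, group r-x, other ---
    find "$area/cgi-bin" -type f -exec chmod 750 {} +   # scripts: group may read and run
    # Group-writable data; setgid keeps files that juser_nobody creates
    # in the directory's group instead of juser_nobody's primary group.
    chmod 2770 "$area/data"
    find "$area/data" -type f -exec chmod 660 {} +
}

# List every entry that grants read, write or execute to "other". Any
# hit is readable or usable by another student's CGI account.
audit_other_bits() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Constructed sample area in a temporary directory.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/juser/cgi-bin" "$root/juser/data"
    : > "$root/juser/cgi-bin/form.pl"
    : > "$root/juser/data/results.txt"
    chmod 755 "$root/juser" "$root/juser/cgi-bin" "$root/juser/data"
    chmod 755 "$root/juser/cgi-bin/form.pl"
    chmod 666 "$root/juser/data/results.txt"
    echo "before:"; audit_other_bits "$root/juser"
    apply_scheme "$root/juser"
    echo "after:";  audit_other_bits "$root/juser"
    rm -rf "$root"
}
demo
```

The audit can be rerun from cron over every student area, since a single `chmod o+r` by a student reopens that file to everyone else's scripts.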