Re: [cobalt-developers] Re: CGI Wrap Errors
On Fri, 26 May 2000, Kevin D wrote:
> This entire thread is silly. I just purchased a Raq3i and created a few
> users to test your "security" issues. I find that even as a web site admin,
> I can't access users directories, or any sensitive system areas. The only
> thing I can access are the public web directories, which (DUH) are PUBLIC,
> and accessible by anyone, anywhere on the net.
You've overlooked the fact that there will be PRIVATE areas for sites that
have memberships, etc, that need to be under the public section. As you say,
DUH. 2755, if that's what they use (again, I've only used Qubes, since I
would never use Cobalt on a public network), it's absurd.
> For those of you who don't care for the cgi-wrap, you have obviously never
> run an ISP unix public web server where your constant fear is a user
> executing a script that issues a command like "rm -r" on the root directory.
> Now, if you are the only developer for your raq, I can understand disabling
> cgi-wrap (although I would still advise against it, as even a seasoned user
> can bring down a system with bad code). But if you plan to use the device in
> a public setting, turning cgi-wrap off is equivalent to giving all your
> users the root password.
Agreed, here. CGI wrappers are critical if you're going to allow untrusted
users to run their own CGI. Not to mention with the resource caps you can put
in place, it'll help maintain some performance constraints. I applaud Cobalt
Microsystems for using that, it was a wise choice.
> Why not put a cobalt raq on a public network? Mine seems perfectly secure,
> as secure as any other linux/unix based system out there.
Mind you, I'm not saying there's anything wrong with Cobalt's product, but
anything that can allow root-level access for box configuration via a web
browser just gives me the heebie-jeebies. The last thing I want to do is have
to do an audit on their Perl code just to make sure there are no lurking holes.
Just personal preference, that's all.
--Arthur Corliss
Programmer/Administrator
Gallant Technologies (http://www.gallanttech.com/)
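The thread above argues that a CGI wrapper is what makes user-supplied CGI tolerable on a shared box: it runs each script as the site owner only after refusing scripts whose ownership or permissions would let someone else tamper with them, and it can cap the resources a runaway script consumes. The following is an added example illustrating those pre-execution checks and caps; it is not Cobalt's cgiwrap, not code from anyone in this thread, and the function names (`inspect_script`, `run_capped`, `demo`) and the sample scripts it builds are constructed for illustration. The actual uid switch of a real wrapper needs a setuid-root helper and is deliberately left out.

```python
"""CGI-wrapper style safety checks and resource caps (illustrative, hypothetical)."""
import os
import stat
import resource
import subprocess
import tempfile


def inspect_script(path, expected_uid):
    """Return the reasons a script must NOT be run as the site owner; [] means OK.

    Mirrors the kind of checks a wrapper does before exec: the file must be a
    regular, non-setuid, owner-only-writable file owned by the site's uid,
    in a directory that other users cannot write into.
    """
    problems = []
    try:
        st = os.lstat(path)  # lstat so a symlink is seen as a symlink
    except FileNotFoundError:
        return ["script does not exist"]
    if stat.S_ISLNK(st.st_mode):
        # A link could point at a file outside the site's own tree.
        return ["script is a symlink"]
    if not stat.S_ISREG(st.st_mode):
        problems.append("script is not a regular file")
    if st.st_uid != expected_uid:
        problems.append("script not owned by the site's uid")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("script is group- or world-writable")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("setuid/setgid bit set on script")
    parent = os.lstat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH:
        # Anyone could replace the script if the directory is world-writable.
        problems.append("script directory is world-writable")
    if not os.access(path, os.X_OK):
        problems.append("script is not executable")
    return problems


def run_capped(path, cpu_seconds=10, max_bytes=64 * 1024 * 1024):
    """Run an already-vetted script with CPU and address-space caps applied.

    The caps are set in the child just before exec, which is where a wrapper
    would also drop privileges to the site owner's uid (omitted here).
    Returns the child's exit status.
    """
    def limit():
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
        resource.setrlimit(resource.RLIMIT_AS, (max_bytes, max_bytes))

    proc = subprocess.run([path], preexec_fn=limit, capture_output=True,
                          timeout=cpu_seconds + 5)
    return proc.returncode


def demo():
    """Constructed sample: a few scripts in a fresh temp dir, checked against our own uid."""
    site_uid = os.getuid()
    tmp = tempfile.mkdtemp(prefix="cgi-demo-")  # mkdtemp creates the dir mode 0700
    body = "#!/bin/sh\necho 'Content-Type: text/plain'\necho\necho hello\n"
    results = {}
    for name, mode in (("ok.cgi", 0o755), ("writable.cgi", 0o777)):
        p = os.path.join(tmp, name)
        with open(p, "w") as f:
            f.write(body)
        os.chmod(p, mode)
        results[name] = inspect_script(p, site_uid)
    # Symlink case: points at the good script, still refused.
    os.symlink(os.path.join(tmp, "ok.cgi"), os.path.join(tmp, "link.cgi"))
    results["link.cgi"] = inspect_script(os.path.join(tmp, "link.cgi"), site_uid)
    # Good script in a world-writable directory.
    pub = os.path.join(tmp, "pub")
    os.mkdir(pub)
    os.chmod(pub, 0o777)
    p = os.path.join(pub, "indir.cgi")
    with open(p, "w") as f:
        f.write(body)
    os.chmod(p, 0o755)
    results["pub/indir.cgi"] = inspect_script(p, site_uid)
    results["missing.cgi"] = inspect_script(os.path.join(tmp, "missing.cgi"), site_uid)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

Only a script that comes back from `inspect_script` with an empty list should ever reach `run_capped`; the caps are a backstop for honest mistakes (the "bad code" case in the thread), while the ownership and permission checks are what stop one user's content from running under another user's identity.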