[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Adding CGI Support to User Directories

Subject: Re: [cobalt-developers] Adding CGI Support to User Directories
From: "Kevin D" <kdlists@xxxxxxxxx>
Date: Sat Jun 17 08:05:55 2000

The issue I think is mainly that a user could either exploit bugs in the
wrapper or continue executing scripts so as to generate enough cpu load to
bring down the server.

I'm sure others could find much more creative and dangerous things to do
with cgi access.

The good news is that you can disable it with strategically placed .htaccess
files in user directories...but who wants to go through all that trouble?

Kevin

----- Original Message -----
From: Chief Executive Officer <ceo@xxxxxxxxxxxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Wednesday, June 14, 2000 2:27 PM
Subject: Re: [cobalt-developers] Adding CGI Support to User Directories


> Hi Kevin -
>
> I actually find it convenient for running many CGI programs out of
the -bin,
> but still through the wrapper, although I am not a expert on linux
security
> issues.
>
> Max
> ----- Original Message -----
> From: "Kevin D" <kdlists@xxxxxxxxx>
> To: <cobalt-developers@xxxxxxxxxxxxxxx>
> Sent: Wednesday, June 14, 2000 11:13 AM
> Subject: Re: [cobalt-developers] Adding CGI Support to User Directories
>
>
> > Responding to my own post...I know I know, bad form...
> >
> > In any event, it seems that the way the wrapper is set up in http.conf,
it
> > doesn't matter where you put the cgi files, so long as they end in .pl
or
> > .cgi and have the correct permissions, they will run through the
wrapper.
> > This is true of the users directories as well. Does anyone else see this
> as
> > a minor security issue??
> >
> > Kevin
> >
> > ----- Original Message -----
> > From: Kevin D <kdlists@xxxxxxxxx>
> > To: <cobalt-developers@xxxxxxxxxxxxxxx>
> > Sent: Wednesday, June 14, 2000 1:25 PM
> > Subject: [cobalt-developers] Adding CGI Support to User Directories
> >
> >
> > > Hi All,
> > >
> > > I need to enable CGI support for each of the user directories on  a
> > > particular web site on my Raq3. I have an idea on how to do this by
> > editing
> > > http.conf for each user, but I am not sure of the specifics and before
I
> > go
> > > mucking around I figured I would solicit some expert opinions.
> > >
> > > Kevin DeMello
> > > Webmaster
> > > Micro Technology Solutions, Inc.
> > > www.mtsolutions.net
> > > Ph.508.324.9475   Fa.508.324.4477
> > > 4171 North Main Street, Fall River, MA 02720
> > >
> > >
> > >
> > > _______________________________________________
> > > cobalt-developers mailing list
> > > cobalt-developers@xxxxxxxxxxxxxxx
> > > http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >
> >
> > _______________________________________________
> > cobalt-developers mailing list
> > cobalt-developers@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >
>
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers

Follow-Ups:
- Re: [cobalt-developers] Adding CGI Support to User Directories
  - From: H.P. Stroebel

References:
- [cobalt-developers] RaQ3 Shell Tools
  - From: Jeff Bilicki
- [cobalt-developers] Adding CGI Support to User Directories
  - From: Kevin D
- Re: [cobalt-developers] Adding CGI Support to User Directories
  - From: Kevin D
- Re: [cobalt-developers] Adding CGI Support to User Directories
  - From: Chief Executive Officer

Prev by Date: Re: [cobalt-developers] Perl DBI where is it??
Next by Date: Re: [cobalt-developers] DNS GUI assistance
Previous by thread: Re: [cobalt-developers] Adding CGI Support to User Directories
Next by thread: Re: [cobalt-developers] Adding CGI Support to User Directories

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index