
Re: [cobalt-developers] Adding CGI Support to User Directories



Kevin D wrote:
> 
> The issue I think is mainly that a user could either exploit bugs in the
> wrapper or continue executing scripts so as to generate enough cpu load to
> bring down the server.

i remember there's a way to limit a user's cpu time, but i'm not sure
how to do it. rather complicated, i think.
 
> I'm sure others could find much more creative and dangerous things to do
> with cgi access.

if you want really HIGH security, you have to disable cgi. (if you want
TOTAL security, you have to disconnect your server :-)

maybe one could even write a script that checks every .cgi and .pl file
in the executable directories for strange constructs or system calls and
start it via cron. that would work only with scripts (shell, perl,
python etc.) and, at least at the beginning, could be rather "noisy"...

> The good news is that you can disable it with strategically placed .htaccess
> files in user directories...but who wants to go through all that trouble?

you could do that with a shell script

btw: please quote only the text you are responding to


-- 

H. P.  Ströbel

PGP Digital Fingerprint :
58E0 6ECB 620A A689 E206 
BCA8 300F BC45 6EEC F7C3

Yes, I do. But not Yahoo.
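
The cron-driven check suggested in the message above, sketched as an added example that is not part of the original post. The pattern list, the function names and the paths in the crontab comment are assumptions; the baseline file is one way to deal with the initial noise the message anticipates.

```shell
#!/bin/sh
# Added example: nightly heuristic scan of user CGI scripts.
# PATTERN is an assumed starter list (whole-word system/exec/eval, backticks,
# piped open); expect false positives and tune it per site.
PATTERN='(^|[^[:alnum:]_])(system|exec|eval)([^[:alnum:]_]|$)|`[^`]+`|open[[:space:]]*\([^)]*[|]'

# scan_cgi DIR: print "file:line:text" for each suspicious line in *.cgi and
# *.pl files under DIR, skipping lines that are only a comment.
scan_cgi() {
    find "$1" -type f \( -name '*.cgi' -o -name '*.pl' \) -print |
    while IFS= read -r f; do
        grep -nE "$PATTERN" "$f" /dev/null |
            grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' || true
    done
}

# new_findings DIR BASELINE: print only findings missing from the sorted
# BASELINE file, so reviewed hits stop generating cron mail.
new_findings() {
    base=$2
    [ -f "$base" ] || base=/dev/null
    scan_cgi "$1" | sort | comm -13 "$base" -
}

# make_sample DIR: constructed test tree (not from the original message).
make_sample() {
    mkdir -p "$1/alice/web" "$1/bob/web"
    printf '%s\n' '#!/usr/bin/perl' 'print "hello\n";' \
        > "$1/alice/web/hello.cgi"
    printf '%s\n' '#!/usr/bin/perl' '# system() only in a comment' \
        'my $out = `uptime`;' 'system("ls", "-l");' > "$1/bob/web/stats.pl"
    printf '%s\n' 'system("not a script");' > "$1/bob/web/notes.txt"
}

# Hypothetical crontab entry (paths are placeholders):
#   15 3 * * * /usr/local/sbin/cgiscan.sh /home /var/lib/cgiscan.baseline
if [ "$#" -ge 1 ]; then
    new_findings "$1" "${2:-/dev/null}"
fi
```

After reviewing a run, save its sorted output as the baseline so that later cron mail contains only lines that were added or changed since.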