Re: [cobalt-developers] cgitelnet.pl security issue
- Subject: Re: [cobalt-developers] cgitelnet.pl security issue
- From: "Paul Adamson" <mail@xxxxxxxxxxxxxxxxx>
- Date: Mon Jan 28 18:17:58 2002
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
Research something called cgiwrapper, it's a 'sandbox' which the cgi gets to
play in to stop it breaking anything. Here it is...

"CGIWrap is a gateway program that allows general users to use CGI scripts
and HTML forms without compromising the security of the http server. Scripts
are run with the permissions of the user who owns the script. In addition,
several security checks are performed on the script, which will not be
executed if any checks fail."

In short, a telnet cgi will be run with the permissions of the owner, so
unless it's owned by admin or root then it'll be restricted to your own
files.

cgi-wrapper is installed and used by cobalt machines, so this should already
be happening.

Hope this helps,
Paul.

----- Original Message -----
From: "Schiltz Luc" <becher@xxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Sunday, January 27, 2002 4:51 AM
Subject: [cobalt-developers] cgitelnet.pl security issue
> Hi,
>
> Does anybody know how to limit cgi files so that one
> cannot use them to walk through the whole server?
>
> In php you can limit the access to the directories,
> but is this possible with cgi too? As cgitelnet.pl allows
> users to walk through the server.
>
> Many thanks
>
> Luc
>
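
The mechanism described in the reply above (refuse the script if a check fails, otherwise run it with its owner's permissions), as an added C example that is not part of the original thread and is not CGIWrap's source. The individual checks, the MIN_UID cutoff and the function names are assumptions chosen for illustration; the thread does not list CGIWrap's actual checks.

```c
#define _DEFAULT_SOURCE 1   /* for lstat(), setgroups() and S_IF* on glibc */
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define MIN_UID 100  /* assumed cutoff: never run scripts owned by root/system accounts */

enum verdict { OK_TO_RUN, NOT_REGULAR, PRIVILEGED_OWNER,
               WRITABLE_BY_OTHERS, SETID_BIT, NOT_EXECUTABLE };

/* Decide from the script's metadata alone whether the wrapper may run it. */
enum verdict check_script(const struct stat *st)
{
    if (!S_ISREG(st->st_mode))              return NOT_REGULAR;   /* symlink, dir, device */
    if (st->st_uid < MIN_UID)               return PRIVILEGED_OWNER;
    if (st->st_mode & (S_IWGRP | S_IWOTH))  return WRITABLE_BY_OTHERS;
    if (st->st_mode & (S_ISUID | S_ISGID))  return SETID_BIT;
    if (!(st->st_mode & S_IXUSR))           return NOT_EXECUTABLE;
    return OK_TO_RUN;
}

/* Run the script as its owner. The wrapper itself must start as root. */
int run_as_owner(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)           return -1;  /* lstat: do not follow symlinks */
    if (check_script(&st) != OK_TO_RUN)  return -1;
    /* Order matters: drop groups and gid while still root, uid last. */
    if (setgroups(0, NULL) != 0)         return -1;
    if (setgid(st.st_gid) != 0)          return -1;
    if (setuid(st.st_uid) != 0)          return -1;
    if (setuid(0) == 0)                  return -1;  /* root must not be recoverable */
    execl(path, path, (char *)NULL);
    return -1;                                       /* only reached if exec failed */
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s script\n", argv[0]); return 2; }
    run_as_owner(argv[1]);
    fprintf(stderr, "refused or failed: %s\n", argv[1]);
    return 1;
}
```

This example inspects only the script file; a production wrapper would also have to validate the containing directory's ownership and permissions and clean the environment before exec, since the path is resolved again at exec time.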