
Re: [cobalt-users] Cgi scripts allow browsing through virtual sites



Kees Wakkerman wrote:
> 
> A customer wants to set up a search script that browses through his entire
> (virtual) site on our RAQ4 for certain keywords. One of the parameters in
> the cgi script is the local server path for his site
> (/home/sites/www.xyz.com/web). The script runs without error.
> Now we change the server localpath parameter to /home/sites and... the
> script is suddenly allowed to browse through all the other virtual sites as
> well. Same happens when changing the server localpath parameter to /. How to
> prevent cgi scripts to browse every directory on the RAQ4? How to prevent
> users to browse out of their virtual site context?

Is that a problem? That's a search script. Add the http::client
subroutines to it and you could put it on a different server and point it to
any of your domain's URLs and it would still read all those files. It's
a search engine, they do that. It's reading only the same files within
domains that Alta Vista's Scooter can read.

But since it's on your server it can also read files outside the domains
area, if you let it. But whether it's reading a file inside a domain or
in the etc directory, it can still only read the files you've let it, in
other words files with at least --- --- r-- permissions. If you give a
file world read permissions then world can indeed read it. Any Perl or
PHP script on the server should be able to read /etc/passwd because it
has -rw-r--r-- permission. But only a script owned by root can read the
/etc/shadow file because it has -rw------- permission.

If you don't want it to be able to read a file don't blame the script,
or change it, change permissions on the file. That is why your site
owners need to be sure CGIWrap is on in their domain and then make sure
their scripts and the files they write to are owned by the same user,
and then give those files only 0600 permissions. Even the ServerAdmin
cannot read those files, let alone a script from a different domain. 

I know, it feels insecure, kinda like going out in public without
wearing shorts under your trousers, but it feels more insecure than it
is....

keith
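
The permission point made in the reply above, as an added example that is not part of the original message: list the files under a site directory that carry the world-read bit, then set a data file to 0600 and list again. The directory tree and file names are constructed, and the public page is left at 0644 on the assumption that the web server reads it as a different user.

```shell
#!/bin/sh
# Added example (not from the original post). Paths and file names are constructed.

# Print every regular file under $1 that has the world-read bit set
# (the "--- --- r--" case): any other account's script can read these.
world_readable() {
    find "$1" -type f -perm -004 | sort
}

# Set owner-only read/write (0600) on the files given as arguments.
lock_down() {
    chmod 600 "$@"
}

# Build a throwaway tree standing in for one virtual site; prints its path.
make_demo_site() {
    site=$(mktemp -d) || return 1
    mkdir "$site/web" "$site/data"
    echo '<html>public page</html>' > "$site/web/index.html"
    echo 'name,email' > "$site/data/orders.csv"
    echo 'search index' > "$site/data/index.db"
    # Explicit modes so the result does not depend on the caller's umask.
    chmod 644 "$site/web/index.html" "$site/data/orders.csv"
    chmod 600 "$site/data/index.db"
    echo "$site"
}

demo() {
    site=$(make_demo_site) || return 1
    echo "Readable by any account before:"; world_readable "$site"
    lock_down "$site/data/orders.csv"
    echo "Readable by any account after:";  world_readable "$site"
    rm -rf "$site"
}
demo
```

The audit checks mode bits rather than attempting a read, so it gives the same answer when run as root.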