Re: Security risks with CGI
>Knowing there are problems, but not knowing the specifics,
>isn't making an informed decision.
This is one reason why I don't like CGI scripts - there are simply too many
ways to cut your throat to be sure that one hasn't covered every one.
The main danger is that a command will end up spawning an arbitrary subprocess.
Using a restricted shell is not such a useful solution to this as one might
think. Most UNIX shell level programs are a spaghetti junction of a host of
loosely cooperating programs. This is the alleged "power" of UNIX, the ability
to pipe the output of processes to kingdom come.
I would strongly recommend that only executable programs are allowed to be
activated by the server. Interpretive solutions may seem easier to hack up but
I've never been over impressed by awk and perl solutions, they tend to reflect
the effort that went into them.
>Are you saying that the problems with CGI scripts, are general UNIX
>problems, and thus can be tackled as such?
CGI script problems are a superset of UNIX security problems. It's best to accept
that the system is a conspiracy and look for ways to defeat it rather than to
ever allow it the benefit of the doubt. Unless you are sure that something is
safe don't do it.
I know there are some people on the list that like UNIX and think I'm a bit hard
on it; that is probably because security of an O/S is a very important issue for
me. UNIX has a whole slew of security problems that are unique to it. That means
that one should always be extra careful. It's like the difference between
picking up a date at the local church and visiting the local brothel. Barrier
methods should be employed in both cases, the difference being that failing to
use them in the latter case is asking for trouble.
Practice safe CGI! Always use an r-shell!
In response to all the requests for the UNIX-Haters guide reference, the
publisher is IDG Books and the ISBN is 1-56884-203-1. The author is Garfinkel.
Cheapskates can follow up the reference below:
http://pleasant.cambridge.ma.us/unix-haters.htm
He also wrote a book on UNIX security with Spaff.
http://www.cs.purdue.edu/homes/spaf/blurb.htm
-Phill
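
Added example, not part of the original message: a compiled CGI program that hands a request value to a fixed helper as a single argv entry, with no shell in between, so the value cannot start a subprocess of its own. The "user=" parameter, the finger helper and its path are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Risky pattern, shown for contrast only: the request value is pasted into a
 * command line that /bin/sh parses, so shell syntax in it starts new processes:
 *     snprintf(cmd, sizeof cmd, "finger %s", name); system(cmd);            */

/* Allow 1..32 characters from a fixed set; a leading '-' is refused so the
 * value can never be taken as an option by the helper. */
int is_safe_name(const char *s)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
    size_t n;
    if (s == NULL || s[0] == '\0' || s[0] == '-')
        return 0;
    n = strlen(s);
    return n <= 32 && strspn(s, ok) == n;
}

/* Run one fixed program with a fixed environment. Returns the helper's exit
 * status, or -1 if the name is rejected or the helper cannot be run. */
int run_lookup(const char *prog, const char *name)
{
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid;
    if (!is_safe_name(name))
        return -1;                      /* rejected before any fork/exec */
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execle(prog, prog, name, (char *)NULL, envp);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *q = getenv("QUERY_STRING");     /* set by the web server */
    const char *name = (q && strncmp(q, "user=", 5) == 0) ? q + 5 : NULL;
    printf("Content-Type: text/plain\r\n\r\n");
    fflush(stdout);
    if (run_lookup("/usr/bin/finger", name) != 0)   /* assumed helper path */
        printf("lookup refused or failed\n");
    return 0;
}
```

Because '%' is not in the allowed set, URL-encoded values are refused rather than decoded.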