Re: NCSA httpd: patch for CGI insecurity
On Fri, 5 May 1995, Dave Kristol wrote:
> We know running arbitrary CGIs is risky. Web providers should be
> vetting CGIs before installing them, to reduce the chances of malicious
> behavior. IMO, the error log should be left open, as a place for CGIs
> to collect stuff written to standard error. It's unlikely that a web
> provider is billing based on stuff in the error log.
The biggest problem is at companies that lease web space to others.
If you have a few dozen customers all with CGI access, how will you
ensure that all their scripts are safe?
As long as it's well known that the error log is untrustworthy, it seems
safe to leave it open. Another possibility is to open a pipe between the
CGI and parent daemon and tie it to the CGI's stderr, preventing the CGI
from having direct access to the file descriptor but still allowing it to
log messages.
--
Paul Phillips EMAIL: paulp@cerf.net
WWW: http://www.primus.com/staff/paulp/ PHONE: (619) 220-0850
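
The pipe arrangement proposed in the message above, as an added example (not part of the original message and not NCSA httpd code): the daemon keeps the only descriptor for the error log, hands the CGI a pipe as its stderr, and writes each relayed line itself with a tag naming the child. The function name, the record format and the demo path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] as a CGI child whose stderr is a pipe back to the parent.
 * Only the parent holds the error-log fd. Returns records written, or -1. */
int run_cgi_with_piped_stderr(const char *log_path, char *const argv[])
{
    int pfd[2], lines = 0;
    /* O_CLOEXEC: the log fd cannot survive exec even if a close is missed. */
    int logfd = open(log_path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0640);
    if (logfd < 0) return -1;
    if (pipe(pfd) < 0) { close(logfd); return -1; }

    pid_t pid = fork();
    if (pid < 0) { close(pfd[0]); close(pfd[1]); close(logfd); return -1; }
    if (pid == 0) {                      /* child: becomes the CGI */
        close(pfd[0]);
        close(logfd);                    /* no direct handle on the log */
        dup2(pfd[1], STDERR_FILENO);     /* stderr now feeds the parent */
        close(pfd[1]);
        execv(argv[0], argv);
        _exit(127);                      /* exec failed */
    }

    close(pfd[1]);                       /* parent keeps only the read end */
    FILE *in = fdopen(pfd[0], "r");
    char line[1024], out[1100];
    while (in && fgets(line, sizeof line, in)) {
        /* The daemon writes the record, so the CGI cannot forge the tag. */
        line[strcspn(line, "\n")] = '\0';
        int n = snprintf(out, sizeof out, "[cgi pid %ld] %s\n", (long)pid, line);
        if (n > 0 && write(logfd, out, (size_t)n) == n) lines++;
    }
    if (in) fclose(in); else close(pfd[0]);
    waitpid(pid, NULL, 0);
    close(logfd);
    return lines;
}

/* Demo with a constructed one-line "CGI"; the log path is a placeholder. */
int main(void)
{
    char *const argv[] = { "/bin/sh", "-c", "echo 'constructed error' >&2", NULL };
    return run_cgi_with_piped_stderr("/tmp/error_log.demo", argv) == 1 ? 0 : 1;
}
```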