
Re: NCSA httpd: patch for CGI insecurity

On Fri, 5 May 1995, Dave Kristol wrote:

> We know running arbitrary CGIs is risky.  Web providers should be
> vetting CGIs before installing them, to reduce the chances of malicious
> behavior.  IMO, the error log should be left open, as a place for CGIs
> to collect stuff written to standard error.  It's unlikely that a web
> provider is billing based on stuff in the error log.

The biggest problem is at companies that lease web space to others.
If you have a few dozen customers all with CGI access, how will you
ensure that all their scripts are safe?

As long as it's well known that the error log is untrustworthy, it seems 
safe to leave it open.  Another possibility is to open a pipe between the 
CGI and parent daemon and tie it to the CGI's stderr, preventing the CGI 
from having direct access to the file descriptor but still allowing it to 
log messages.

--
Paul Phillips                                 EMAIL: paulp@cerf.net  
WWW: http://www.primus.com/staff/paulp/       PHONE: (619) 220-0850
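The pipe arrangement Paul describes above, as an added example that is not part of the original thread or of NCSA httpd: the parent daemon creates a pipe, forks, and in the child makes the pipe's write end the script's stderr before the script runs. The child therefore never holds the error log's descriptor; only the parent decides what reaches the log. The `run_with_captured_stderr` function, the `sample_cgi` stand-in for a script, the `[cgi stderr]` prefix and the two diagnostic lines are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define PIPE_READ  0
#define PIPE_WRITE 1

/*
 * Fork a child whose stderr is the write end of a pipe; only the parent
 * holds the read end. The child never sees the error_log descriptor, so a
 * script cannot truncate, seek in, or write straight to the log file.
 * Each line the child writes is copied into logbuf with a prefix and a
 * trailing newline. Returns the number of lines logged, or -1 on error.
 */
static int run_with_captured_stderr(void (*child_main)(void),
                                    const char *prefix,
                                    char *logbuf, size_t logsz)
{
    int fds[2];
    if (logsz == 0 || pipe(fds) == -1)
        return -1;
    logbuf[0] = '\0';

    pid_t pid = fork();
    if (pid == -1) {
        close(fds[PIPE_READ]);
        close(fds[PIPE_WRITE]);
        return -1;
    }

    if (pid == 0) {
        /* Child: fd 2 becomes the pipe's write end; the read end and the
           original pipe descriptor are closed so only stderr remains. A
           real server would execve() the script here; the redirection is
           inherited across exec. */
        close(fds[PIPE_READ]);
        if (dup2(fds[PIPE_WRITE], STDERR_FILENO) == -1)
            _exit(127);
        close(fds[PIPE_WRITE]);
        child_main();
        _exit(0);
    }

    /* Parent: drop the write end so read() returns EOF once the child exits. */
    close(fds[PIPE_WRITE]);

    char raw[4096];
    size_t used = 0;
    ssize_t n;
    while ((n = read(fds[PIPE_READ], raw + used, sizeof raw - 1 - used)) > 0) {
        used += (size_t)n;
        if (used == sizeof raw - 1)
            break;          /* hard cap: a chatty script cannot grow this buffer */
    }
    close(fds[PIPE_READ]);
    waitpid(pid, NULL, 0);

    /* Copy each line (including an unterminated tail) into the log with the prefix. */
    int lines = 0;
    size_t out = 0;
    const char *p = raw, *end = raw + used;
    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        size_t len = nl ? (size_t)(nl - p) : (size_t)(end - p);
        int w = snprintf(logbuf + out, logsz - out, "%s%.*s\n", prefix, (int)len, p);
        if (w < 0 || (size_t)w >= logsz - out)
            break;          /* log buffer full: stop rather than overflow */
        out += (size_t)w;
        lines++;
        p += len + (nl ? 1 : 0);
    }
    return lines;
}

/* Constructed stand-in for a CGI script: it just writes two diagnostics. */
static void sample_cgi(void)
{
    fprintf(stderr, "config file not found\n");
    fprintf(stderr, "falling back to defaults\n");
    fflush(stderr);
}

static char demo_log[512];

/* Runs the stand-in script and returns how many stderr lines were logged. */
int demo_line_count(void)
{
    return run_with_captured_stderr(sample_cgi, "[cgi stderr] ", demo_log, sizeof demo_log);
}

/* Returns 1 if the captured log holds exactly the two prefixed lines. */
int demo_log_matches(void)
{
    return demo_line_count() == 2 &&
           strcmp(demo_log,
                  "[cgi stderr] config file not found\n"
                  "[cgi stderr] falling back to defaults\n") == 0;
}

int main(void)
{
    int lines = demo_line_count();
    printf("%d line(s) captured:\n%s", lines, demo_log);
    return lines == 2 ? 0 : 1;
}
```

Because the parent reads the pipe, it is also the natural place to cap volume (the fixed `raw` buffer above), to prefix each line with the script name or request id, and to keep the log file itself out of the child entirely (open it with `O_CLOEXEC` in the parent so it is not inherited across the script's exec).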