[Security] CGI problem solved
Wed, 23 Jan 2002 15:52:49 +0100 (CET)
polarhome found "some kind of solution" for the Perl and CGI abuse problem.
From now on, CGI is enabled only for trusted (shell) users. All other
users (with just an ftp account) cannot execute CGI scripts.
Read more about the differences between shell and ftp users in the shell policy
How does it work now?
We changed the CGI wrapper on the FreeBSD and Linux boxes. Instead of suEXEC we
use CGIWrap, which allows ACLs (access control lists), process and
environment limits, and CGI debugging as well. With this method registered
users get a much more open and safer CGI environment, but "anonymous"
non-registered users lose CGI execution.
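
The shell-versus-ftp split described above could be turned into a wrapper access list as follows. This is an added example, not part of the original announcement and not polarhome's or CGIWrap's own code. It assumes that a "trusted" account is one whose login shell appears in an /etc/shells-style list and that the allow file holds one username per line; build_allow_list, write_sample and all sample accounts are hypothetical.

```shell
#!/bin/sh
# Added example: derive an allow list (one username per line, assumed format)
# from passwd-format data, admitting only accounts with a real login shell.

# build_allow_list PASSWD_FILE SHELLS_FILE [MIN_UID]
build_allow_list() {
    passwd_file=$1
    shells_file=$2
    min_uid=${3:-1000}
    awk -F: -v shells_file="$shells_file" -v min_uid="$min_uid" '
        BEGIN {
            # Load valid login shells, skipping comments and blank lines.
            while ((getline line < shells_file) > 0)
                if (line !~ /^[ \t]*(#|$)/) shells[line] = 1
        }
        # A passwd entry has exactly 7 colon-separated fields.
        NF != 7 { next }
        # Never write an unexpected username into an access-control file.
        $1 !~ /^[a-z_][a-z0-9_-]*$/ { next }
        # Skip malformed UIDs and system accounts below MIN_UID.
        $3 !~ /^[0-9]+$/ || $3 + 0 < min_uid { next }
        # ftp-only accounts (nologin, false, ...) are not in the shells list.
        ($7 in shells) { print $1 }
    ' "$passwd_file" | sort -u
}

# Constructed sample data, not real polarhome accounts.
write_sample() {
    cat > "$1/shells" <<'EOF'
# valid login shells
/bin/sh
/bin/tcsh
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
anna:x:1001:1001:Anna:/home/anna:/bin/tcsh
bob:x:1002:1002:ftp only:/home/bob:/sbin/nologin
carl:x:1003:1003:ftp only:/home/carl:/bin/false
dora:x:1004:1004:Dora:/home/dora:/bin/sh
broken-line-without-fields
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
build_allow_list "$tmp/passwd" "$tmp/shells"
rm -rf "$tmp"
```
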
PHP is available to all users in safe mode.
More to read about CGIWrap at
Users will not notice the difference. It is absolutely transparent to users,
so you can execute your CGI as before (in the example I will use user Anna's
CGI extensions in the polarhome realm are: cgi, pl, py, tcl
It is possible to debug your script with:
(cgiwrapd instead of cgiwrap in URL)
Otherwise it is possible to debug through log files at: