[492] in WWW Security List Archive


Re: Security risks with CGI

daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Thu Mar 2 10:11:10 1995

To: Garrett Burke <gburke@dsg.cs.tcd.ie>, www-security@ns2.rutgers.edu
cc: hallam@dxal18.cern.ch
In-reply-to: Your message of "Thu, 02 Mar 1995 09:23:06 GMT."
             <9503020923.aa17977@longvalley.dsg.cs.tcd.ie> 
Date: 	Thu, 02 Mar 1995 11:37:43 +0900
From: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>
Errors-To: owner-www-security@ns2.rutgers.edu


>I'm looking for a comprehensive list of security risks with using CGI
>scripts.

It would be a very long one indeed.

I personally think the CGI-script idea was a bad one from the start. If you are
security conscious it is much better to have the routine compiled into the
server. Spawning other executables on demand is a flakey business at the best of
times. Spawning shell processes under UNIX is a nightmare.

The problem is that people like having enough rope to hang themselves with. An
analogous "feature" is the idea that someone posts every so often showing how
one can add csh into a mailcap file and automatically execute Web pages as they
arrive. I don't think that's a very good idea with a signed, authenticated
service. Someday someone will load a shell script written for Mupux-4.2.1(b) not
realising that their machine is now running Mupux-4.2.2(f) patch level IV. As a
result of this incompatibility the command rm -Rf / will be executed by
accident.

See the UNIX-Haters guide for the best summary of UNIX related risks.


		Phill H-B



