[498] in WWW Security List Archive


Re: Security risks with CGI

daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Fri Mar 3 11:35:09 1995

To: Garrett Burke <gburke@dsg.cs.tcd.ie>
cc: hallam@dxal18.cern.ch, www-security@ns2.rutgers.edu
In-reply-to: Your message of "Fri, 03 Mar 1995 08:48:40 GMT."
             <9503030848.aa02370@longvalley.dsg.cs.tcd.ie> 
Date: 	Fri, 03 Mar 1995 13:29:27 +0900
From: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>
Errors-To: owner-www-security@ns2.rutgers.edu


>Knowing there are problems, but not knowing the specifics,
>isn't making an informed decision.

This is one reason why I don't like CGI scripts - there are simply too many
ways to cut your throat to be sure that one hasn't covered every one.

The main danger is that a command will end up spawning an arbitrary subprocess.
Using a restricted shell is not such a useful solution to this as one might
think. Most UNIX shell level programs are a spaghetti junction of a host of
loosely cooperating programs. This is the alleged "power" of UNIX, the ability
to pipe the output of processes to kingdom come.

I would strongly recommend that only executable programs are allowed to be
activated by the server. Interpretive solutions may seem easier to hack up, but
I've never been over-impressed by awk and perl solutions; they tend to reflect
the effort that went into them.

>Are you saying that the problems with CGI scripts, are general UNIX
>problems, and thus can be tackled as such?

CGI script problems are a superset of UNIX security problems. It's best to accept
that the system is a conspiracy and look for ways to defeat it rather than to
ever allow it the benefit of the doubt. Unless you are sure that something is
safe, don't do it.

I know there are some people on the list that like UNIX and think I'm a bit hard
on it; that is probably because security of an O/S is a very important issue for
me. UNIX has a whole slew of security problems that are unique to it. That means
that one should always be extra careful. It's like the difference between
picking up a date at the local church and visiting the local brothel. Barrier
methods should be employed in both cases, the difference being that failing to
use them in the latter case is asking for trouble.


		Practice safe CGI! Always use an r-shell!


In response to all the requests for the UNIX-Haters guide reference the
publisher is IDG Books and the ISBN is 1-56884-203-1. The author is Garfinkel.
Cheapskates can follow up the reference below:

http://pleasant.cambridge.ma.us/unix-haters.html

He also wrote a book on UNIX security with Spaff. 

http://www.cs.purdue.edu/homes/spaf/blurb.html


	-Phill
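The "arbitrary subprocess" danger Phill describes comes from handing CGI input to anything that goes through /bin/sh (system(), popen(), backticks), where a single metacharacter turns one command into several. The following is an added example, not code from the original message or from anyone on the list, of how a compiled CGI program can spawn a helper without a shell at all: execve() with an explicit argv and a minimal environment, after an allow-list check on the one user-supplied token. The helper names (is_safe_arg, run_argv), the sample query value and the choice of /bin/echo as the spawned program are assumptions for illustration. It goes slightly beyond the message in also rejecting tokens that begin with '-', which the spawned program would otherwise parse as an option.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list check for one argv element taken from CGI input.
 * Hypothetical helper (not from the original message): accepts only
 * [A-Za-z0-9._-], rejects NULL, empty or over-long strings, and anything
 * starting with '-' so it cannot be parsed as an option by the child. */
int is_safe_arg(const char *s)
{
    size_t n, i;
    if (s == NULL || *s == '\0' || *s == '-')
        return 0;
    n = strlen(s);
    if (n > 64)
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Spawn a program by absolute path with an explicit argv and a fixed,
 * minimal environment. No /bin/sh is involved, so shell metacharacters in
 * the input have nothing to act on. Returns the child's exit status, or
 * -1 if the child could not be started or waited for. */
int run_argv(const char *path, char *const argv[])
{
    static char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127); /* exec failed; never fall back to a shell */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample of a decoded query-string value; a real CGI
     * would read QUERY_STRING and URL-decode it first. */
    const char *user_input = "alice;id";

    if (!is_safe_arg(user_input)) {
        printf("Content-Type: text/plain\r\n\r\nrejected input\n");
        return 0;
    }
    {
        /* Only reached for a clean token such as "alice". */
        char *const argv[] = { "echo", "lookup:", (char *)user_input, NULL };
        printf("Content-Type: text/plain\r\n\r\n");
        fflush(stdout);
        return run_argv("/bin/echo", argv) == 0 ? 0 : 1;
    }
}
```

The point of the split is that is_safe_arg() decides what may reach the child, and run_argv() guarantees that whatever reaches it arrives as a single argv element rather than as text for a shell to re-parse; either half on its own leaves a gap (a validated token passed through system() is still re-parsed, and execve() with an unvalidated "-o outfile" still lets the caller drive the child's options).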

