[4866] in WWW Security List Archive
user cgi advice
daemon@ATHENA.MIT.EDU (elroy)
Fri Mar 21 09:57:05 1997
Date: Fri, 21 Mar 1997 07:16:30 -0600 (CST)
From: elroy <elroy@kcsun3.kcstar.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Hello all -
I've finally had a client write their own cgi, and they'd like to
install it for their web-site, which I host on a machine with 56
other domains.
Up until this point we've developed ALL cgi on any of our sites.
I'm concerned about the impact his programming could have on the
machine, and on the other sites. His business isn't worth losing one
or more other domains when his screwed-up or poorly written programs
run amok.
The environment is interesting - I've created chroot'ed environments
for all users who require shell/ftp access, and the httpd's for each
domain run under their own unique (for each site) uid, which helps
segregate permissions and access. The httpd's run from the server
level however, NOT within the chroot'ed space.
My initial thought is to tell them yes, as long as we review the code
and install everything from source. We'd be charging the per hour
programming fee to review the code, by the way. However, we still
haven't filled an open programming position, and we're shorthanded
and falling behind on our projects, so I'm not thrilled about being
distracted by someone else's code.
I'm really in a quandary, and hope someone else has found a good
solution for user CGIs. I'd be happiest if I could be secure AND
give the client freedom to program.
I've been thinking that setting pretty low ulimits on their processes
might help, but I'm generally drawing a blank. Maybe if I implemented
a hefty fee for restoring files from backup, too... : )
If anyone has any good advice for me, PLEASE let me know,
either on this list or via personal e-mail. I really appreciate it.
Thanks in advance -
-elroy (elroy@kcstar.com)
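As an added illustration of the ulimit idea raised in the post (this is not code from the poster or from the list), here is a small POSIX shell wrapper that applies per-process resource limits and then hands off to the client's CGI program. The script name, the CGI_* variable names and the default limit values are my own assumptions; tune them per site. Note that ulimit's units differ between shells (-f is in 1024-byte units in bash but 512-byte blocks in dash and POSIX sh), and that the wrapper only helps if it is owned by root and not writable by the client, otherwise the client simply edits the limits out.

```shell
#!/bin/sh
# cgi-limit.sh: run a client-supplied CGI program under resource limits.
# Added example, not from the original post; limit values are illustrative.
# Intended use: install a root-owned copy and have the site's cgi-bin call
#     exec /usr/local/bin/cgi-limit.sh /home/client/cgi-bin/real.cgi "$@"
# The per-site httpd uid means -u (process count) applies to that site only.

# Limits (empty string = do not apply that limit). Units follow the ulimit
# of the shell in use: -t in seconds, -u unscaled, -f and -v in KB or blocks.
CGI_CPU_SECONDS=${CGI_CPU_SECONDS:-10}      # CPU time before the kernel kills it
CGI_MAX_FILE_KB=${CGI_MAX_FILE_KB:-10240}   # largest file the CGI may write
CGI_MAX_PROCS=${CGI_MAX_PROCS:-32}          # processes for this uid (fork bombs)
CGI_MAX_VMEM_KB=${CGI_MAX_VMEM_KB:-131072}  # address space (runaway allocation)

# Apply one limit, soft and hard together, so the child cannot raise it back.
# $1 = ulimit flag, $2 = value (skipped when empty).
limit_or_die() {
    [ -n "$2" ] || return 0
    ulimit "$1" "$2" 2>/dev/null || {
        echo "cgi-limit: cannot set ulimit $1 $2" >&2
        exit 126
    }
}

# Run "$@" in a subshell with the limits applied. The subshell's exit
# status (including 128+signal when the kernel kills the CGI) is returned,
# so the caller can tell a misbehaving program from a normal one.
run_limited() {
    [ $# -gt 0 ] || { echo "usage: run_limited program [args...]" >&2; return 2; }
    (
        limit_or_die -t "$CGI_CPU_SECONDS"
        limit_or_die -f "$CGI_MAX_FILE_KB"
        limit_or_die -u "$CGI_MAX_PROCS"
        limit_or_die -v "$CGI_MAX_VMEM_KB"
        exec "$@"
    )
}

# When executed directly (not sourced), act as the wrapper itself.
if [ "${0##*/}" = "cgi-limit.sh" ]; then
    run_limited "$@"
fi
```

A CGI that loops forever is stopped by the CPU limit and one that tries to fill the disk is stopped by the file-size limit; the httpd sees a non-zero exit status instead of a hung or disk-full server. ulimits cover one process tree only, so they complement rather than replace the per-site uid and the chroot already described in the post.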