Security configuration of the web server (cgi)?

0 like 0 dislike

There is a problem: clients of servers (hosting) can view the operating system files (e.g. /etc/passwd) using cgi scripts. With PHP the problem is easily solved — open_basedir.

Now this problem is solved by using AppArmor, but unfortunately it is supported in Ubuntu, which use is not very desirable for certain reasons, or OpenSUSE, which is not suitable for production.

Are there any other solutions?


expect that this can be done with SElinux, but unfortunately no deep experience in this technology and time to explore...


to ignore this problem in our situation is impossible, so the phrase "and what's wrong" you can not write:)
by | 29 views

2 Answers

0 like 0 dislike
As far as I know this is purely a FreeBSD jail thing. And crudity is in principle possible.
0 like 0 dislike
what is CGI scripts? for each PL there is a solution. For example, Perl has suexec is possible with it to play.
In General — I advise you to look at what is security policy in ispmanager. Everything in General is very tricky chmod/chown built. In General — in General, you want the impossible, if I understand correctly.
Your way — only crudity CGI tools (Python, perl, etc) and not allow users to run shells outside the chroot.

Related questions

110,608 questions
257,187 answers
40,796 users