Security configuration of the web server (cgi)?

0 like 0 dislike
3 views
Welcome!


There is a problem: clients of servers (hosting) can view the operating system files (e.g. /etc/passwd) using cgi scripts. With PHP the problem is easily solved — open_basedir.


Now this problem is solved by using AppArmor, but unfortunately it is supported in Ubuntu, which use is not very desirable for certain reasons, or OpenSUSE, which is not suitable for production.


Are there any other solutions?


PS

expect that this can be done with SElinux, but unfortunately no deep experience in this technology and time to explore...


PPS

to ignore this problem in our situation is impossible, so the phrase "and what's wrong" you can not write:)
by | 3 views

2 Answers

0 like 0 dislike
As far as I know this is purely a FreeBSD jail thing. And crudity is in principle possible.
by
0 like 0 dislike
what is CGI scripts? for each PL there is a solution. For example, Perl has suexec is possible with it to play.
\r
In General — I advise you to look at what is security policy in ispmanager. Everything in General is very tricky chmod/chown built. In General — in General, you want the impossible, if I understand correctly.
\r
Your way — only crudity CGI tools (Python, perl, etc) and not allow users to run shells outside the chroot.
by

Related questions

0 like 0 dislike
3 answers
The security model of the web application?
asked Mar 25, 2019 by divanikus

Most popular tags

javascript php css html jquery wordpress python linux web-development mysql android windows java layout c# computer-networks node.js cpp iron yii vue.js 1C-Bitrix react laravel django nginx system-administration search-engine-optimization api ubuntu the-it-education. ajax sql programming hosting cms design apache google-chrome bootstrap Vkontakte macos google network-administration git laptops algorithms regular-expressions unity-game-engine email angular database network-equipment software wooсommerce debian .net ios information-security video law-in-it browsers books parsing wi-fi game-development career htaccess postgresql telegram mikrotik mobile-development ruby-on-rails the-domain-name-system modx Yandex c json opencart Habr freelance vpn asp.net windows-server symfony bots hard-drives math qt DIY audio frontend payment-system bash electronics gulp.js user-interface docker online-shopping
110,608 questions
257,186 answers
0 comments
32,858 users