"Fossies" - the Fresh Open Source Software Archive
Member "cgiwrap-4.1/doc/pubs" (16 Jun 2008, 2340 Bytes) of package /linux/www/old/cgiwrap-4.1.tar.gz:
CGIWrap - Publications that Mention CGIWrap

Special Edition - Using CGI:
Que Corporation

Excerpt (750-751):

A better solution to the problem of deciding which user a script
runs as when multiple people have CGI access is the CGIWrap
program. CGIWrap, which is included on the CD that accompanies
this book, is a simple wrapper that executes a CGI script as the
user that owns the file instead of the user that the server
specifies. This simple precaution leaves the script owner
responsible for the damage it can do.

For instance, if the user "joanne" owns a CGI script that's
wrapped in CGIWrap, the server will execute the script as user
"joanne." In this way, CGIWrap acts like a setuid bit but has
the added advantage of being controlled by the Web server rather
than the operating system. That means that anybody who sneaks
through any security holes in the script will be limited to
whatever "joanne" herself can do - the files she can read and
delete, the directories she can view, and so on.

Because CGIWrap puts CGI script authors in charge of the
permissions for their own scripts, it can be a powerful tool not
only to protect important files owned by others, but to motivate
people to write secure scripts. The realization that only their
files would be in danger can be a powerful persuader to script

Excerpted with permission from Special Edition Using CGI
Copyright © 1996, Que Corporation

The book is pretty good, at least in the copy I got, they say
that CGIwrap is included on the CD, but I can't find it

Other References

* Special Edition, Using Perl for Web Programming, Ch. 9
* Perl 5 By Example, Ch 9.
* SD Magazine Feature - Safe CGI Scripting
* WWW Security FAQ - CGI Scripts
* CGI Developers Guide - Ch. 9
* Notes on the Security of a UNIX Web Server
* Boxed and Wrapped - Lincoln D. Stein
* CGI FAQ
* Maximum Security - Hackers Guide to Protecting...