Using CGIWrap

Questions List

  1. Introduction
  2. Implementing CGI with CGIWrap
  3. Security Considerations

Answers List

  1. Introduction

    Written by Nathan Neulinger, CGIWrap was designed to improve the security model of a web server.

    For CGI programs that need to write to files, most web servers are too paranoid for an effective security model. Our web server (Apache) is no exception -- typically, members have needed to open "world-writable" permissions on files before CGI programs can write to them.

    CGIWrap solves this problem by running CGI programs using a member's username and permissions. This obviates the need for "world-writable" permissions on a CGI program's data files. (Additional benefits are discussed under "security considerations".)

  2. Implementing CGI with CGIWrap

    Here at Sonic, using CGIWrap is easy -- simply replace URL references to "/cgi-bin/" with "/cgi/". For instance, for a hypothetical username "scott":

    (Note: a click on the "hypothetical" examples above will show the hypothetical permissions with which "id.cgi" would run.)

  3. Security Considerations

    Obviously, CGI programs need to be secure. However, it may be comforting to know that, should your CGI program be subverted, it can only affect "web" data -- our web server can't "see" your home directory, ftp directory, or email.

    Nevertheless, a healthy paranoia is indicated to prevent grief from Devious Ruffians. Always check your permissions and programming.

    Here I should define a few terms from Unix jargon:

    mode
      Contains the permissions of a file (answering questions like: who can read it? who can write to it?)

    chmod
      The name of the program that changes a file's mode

    I'm going to be pretty cavalier about those "mode bits", so I've started a web page on the subject.

    Before CGIWrap will execute a file, the file must satisfy the following conditions:

    • Contained within the user's cgi-bin hierarchy
      Running ".cgi" files in a user's /home/WWW_pages/ hierarchy isn't supported (yet?).

    • Owned by user
      If somebody else owns a program in your CGI directory, CGIWrap won't compound the problem by running it.

    • Regular file
      The file can't be a pipe, socket, or symbolic link (alias).

    • Isn't setuid
      This affects folks using their own CGI wrappers. Using the permissions recommendations (discussed below) will solve this problem. Alternately, if your wrapper is set up correctly, you probably don't need CGIWrap.

    • "World" (or "other") execute bit set
      This is local to Sonic -- essentially, we added the ability to "turn off" and "turn on" CGIs by flipping the "---------x" bit. This allows members to work on CGI programs without worrying about a program being "on the air." To "go live", chmod o+x the file.

    We recommend you set permissions to the minimum necessary to do the job. The general rule is to set the user permissions to something comfortable, and turn off everything else. Then, to make a program or script available to CGIWrap, turn on the other "--x" bit.

    Here are the absolute minimums:

    Minimums

    Item                                    Octal mode  Symbolic mode  Description
    Compiled Programs                       0101        ---x-----x     Programs in the server's native executable format
    Scripts (or runtime-compiled programs)  0501        -r-x-----x     Perl or shell scripts
    Files                                   0600        -rw-------     Allows read/write of files by a CGIWrapped program or script

    However, if you're in the midst of CGI development, you might find it convenient to write to your own files:

    Writable by you

    Item                                    Octal mode  Symbolic mode  Description
    Compiled Programs                       0701        -rwx-----x     Programs in the server's native executable format
    Scripts (or runtime-compiled programs)  0701        -rwx-----x     Perl or shell scripts
    Files                                   0600        -rw-------     Allows read/write of files by a CGIWrapped program or script

    The modes page describes how to set permissions to octal or symbolic specifications at the shell. Alternately, many ftp clients provide an interface for changing permissions.
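
A pre-flight check you can run on your own CGI files before going live, written for this page as an added example (it is not CGIWrap's code and not a Sonic tool). It mirrors the conditions listed above and the "turn off everything else" recommendation; the function name, the result labels and the `cgi_root` argument (your own cgi-bin directory) are assumptions.

```python
import os
import stat


def cgi_preflight(path, cgi_root, uid=None):
    """Return (blockers, warnings) for one CGI file.

    blockers: conditions from the list above that the file does not meet.
    warnings: group/other bits beyond the single other-execute bit.
    cgi_root is an assumption: pass the path of your own cgi-bin directory.
    """
    uid = os.getuid() if uid is None else uid
    blockers, warnings = [], []

    # Containment: resolve the parent directory so "../" components and
    # symlinked directories are judged by where they really point.
    root = os.path.realpath(cgi_root)
    parent = os.path.realpath(os.path.dirname(os.path.abspath(path)))
    if os.path.commonpath([root, parent]) != root:
        blockers.append("outside-cgi-bin")

    st = os.lstat(path)  # lstat, so a symbolic link is seen as a link
    if not stat.S_ISREG(st.st_mode):
        blockers.append("not-regular-file")
    if st.st_uid != uid:
        blockers.append("not-owned-by-user")
    if st.st_mode & stat.S_ISUID:
        blockers.append("setuid")
    if not st.st_mode & stat.S_IXOTH:
        blockers.append("other-execute-off")  # the on/off switch described above

    # "Turn off everything else": flag any group bits and other read/write.
    extra = st.st_mode & (stat.S_IRWXG | stat.S_IROTH | stat.S_IWOTH)
    if stat.S_ISREG(st.st_mode) and extra:
        warnings.append("extra-bits:%03o" % extra)
    return blockers, warnings


if __name__ == "__main__":
    import sys
    # usage: python preflight.py <cgi-bin directory> <file> [<file> ...]
    for name in sys.argv[2:]:
        print(name, *cgi_preflight(name, sys.argv[1]))
```

A file at mode 0701 in your cgi-bin comes back with two empty lists; a file at 0755 has no blockers but is reported with `extra-bits:054`, the group and other read/execute bits the tables above leave off.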


    Also, please visit sonic.help.cgi if you have questions or comments about this page or CGI in general.

    <scott@sonic.net>

