[unisog] creating secure asp/cgi servers

Eric Rostetter eric.rostetter at physics.utexas.edu
Tue Jun 4 18:34:55 GMT 2002


Quoting "H. Morrow Long" <morrow.long at yale.edu>:

> 1. You can run the web server to provide a server side execution environment
>    inside a 'jail' (basically you chroot() the web server).  You need to set

You need to do more than that.  Or I'll write a cgi script that does something
like: 

10 goto 10

And DoS your server.  So you need to provide for CPU time limits, memory
consumption limits, etc.  Plus you need to make sure the cgi script I
put out there doesn't attack someone else (DoS another server or something)
or simply do so much traffic that I bring down your network to a crawl,
which isn't something that can really be done easily.  All kinds of fringe
checks that need to be performed.  

Of course, most of the time it won't be something as obvious as my above
malicious DoS.  It will be a program with a logic mistake causing a loop,
or a memory leak or other memory allocation leak taking up all memory, etc.

> 2. Normally server side scripts and programs should run as a "harmless" user
>    by default anyway, but for those cases where a script needs to open and
>    write to data files there is code available for Apache to run CGI setuid
>    to the user owning the script/directory executing.

There is no such thing as a harmless user if it can consume CPU, Memory,
Disk Space, Network Bandwidth, etc.
 
-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.
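
Added example, not part of the original message or of any server's own code: a minimal C launcher that applies the kind of CPU, memory and file-size limits the reply calls for before exec'ing a CGI program, using POSIX setrlimit(). The names run_limited and cap and the limit values are hypothetical, and the looping shell script is a constructed stand-in for the "10 goto 10" case.

```c
/* Added example: run a CGI program under kernel resource limits (POSIX/Linux). */
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lower one limit, never asking for more than the inherited hard limit. */
static int cap(int resource, rlim_t soft, rlim_t hard)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (rl.rlim_max < hard)
        hard = rl.rlim_max;
    rl.rlim_max = hard;                       /* child cannot raise it again */
    rl.rlim_cur = soft < hard ? soft : hard;
    return setrlimit(resource, &rl);
}

/* Fork, apply the limits in the child, then exec argv[0].
 * Returns the exit status (0..255), -signo if the child was killed by a
 * signal (a runaway loop ends with -SIGXCPU), or -1000 on fork/wait error. */
int run_limited(char *const argv[], rlim_t cpu_secs, rlim_t mem_bytes, rlim_t file_bytes)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1000;
    if (pid == 0) {
        /* Soft CPU limit sends SIGXCPU; the hard limit one second later is SIGKILL. */
        if (cap(RLIMIT_CPU, cpu_secs, cpu_secs + 1) != 0 ||
            cap(RLIMIT_AS, mem_bytes, mem_bytes) != 0 ||      /* address space */
            cap(RLIMIT_FSIZE, file_bytes, file_bytes) != 0)   /* largest file written */
            _exit(126);
        execv(argv[0], argv);
        _exit(127);                           /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed stand-in for the looping script described in the message. */
    char *const loop[] = { "/bin/sh", "-c", "while :; do :; done", NULL };
    printf("runaway script ended with %d\n", run_limited(loop, 1, 512UL << 20, 16UL << 20));
    return 0;
}
```

These limits are per process and cover CPU, memory and file size only; setrlimit() has no resource for network bandwidth, so outbound traffic has to be controlled elsewhere.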


