
Running CGI Scripts
This web server employs a number of security measures to ensure the safety of each person's information. Please observe these guidelines so that no one else can tamper with your files.

Each user may have programs, called 'CGI scripts', which run on the server machine to provide content to the browser. These scripts can do anything a program can do. Therefore, the wrapper we use will run a program only if every one of the following questions is answered in the affirmative.

  • Was the wrapper called with the proper number of arguments? (Apache's problem, not yours.)
  • Is the user executing this wrapper a valid user of this system? (Apache's problem, not yours.)
  • Is this valid user allowed to run the wrapper? (Apache's problem, not yours.)
  • Is the target program free of unsafe hierarchical references? (No leading '/' or embedded '/../')
  • Is the target user name valid? (Your username)
  • Is the target group name valid? (Your group)
  • Is the target user NOT superuser?
  • Is the target userid ABOVE the minimum ID number? (100)
  • Is the target group NOT the superuser group?
  • Is the target groupid ABOVE the minimum ID number? (100)
  • Can the wrapper successfully become the target user and group?
  • Does the directory in which the program resides exist?
  • Is the directory within the document hierarchy?
  • Is the directory NOT writable by anyone else?
  • Does the target program exist?
  • Is the target program NOT writable by anyone else? (chmod og-w <program name> to satisfy this question.)
  • Is the target program NOT setuid or setgid? (chmod a-s <program name> to satisfy this question.)
  • Is the target user/group the same as the program's user/group?
  • Can we successfully clean the process environment to ensure safe operations?
  • Can we successfully become the target program and execute?

If you cannot answer yes to ALL the above questions, then your program will not run, and we cannot help you with it. If you have questions concerning how to satisfy the above requirements, please feel free to contact the Computer Support Group, but remember that the above requirements must be satisfied before you can begin the debugging process over the web.
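
A pre-flight check for the questions above that you can answer yourself from the path and file permissions, as an added example (it is not part of the original page and is not the wrapper's own code). It assumes it is run as the account that owns the script, with paths given relative to the current directory; `precheck`, `MIN_ID` and the message strings are names chosen for this example.

```python
import os
import stat

MIN_ID = 100  # minimum user/group ID number given in the list above


def precheck(relpath, base="."):
    """Return the questions from the list above that would be answered
    'no' for base/relpath, using only the path and file metadata."""
    # Unsafe hierarchical reference: leading '/' or embedded '/../'
    # (padding with '/' also catches a leading or trailing '..').
    if relpath.startswith("/") or "/../" in "/" + relpath + "/":
        return ["unsafe hierarchical reference"]
    path = os.path.join(base, relpath)
    directory = os.path.dirname(path) or "."
    if not os.path.isdir(directory):
        return ["directory does not exist"]
    problems = []
    others_write = stat.S_IWGRP | stat.S_IWOTH
    if os.stat(directory).st_mode & others_write:
        problems.append("directory writable by someone else")
    if not os.path.isfile(path):
        return problems + ["program does not exist"]
    st = os.stat(path)
    if st.st_mode & others_write:
        problems.append("program writable by someone else (chmod og-w)")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("program is setuid or setgid (chmod a-s)")
    # Assumption: run as the account that owns the script, so the target
    # user and group are the caller's own uid and gid.
    if (st.st_uid, st.st_gid) != (os.getuid(), os.getgid()):
        problems.append("program user/group differs from target user/group")
    # "ABOVE the minimum ID number" is read here as strictly greater.
    if st.st_uid <= MIN_ID or st.st_gid <= MIN_ID:
        problems.append("user or group ID not above %d" % MIN_ID)
    return problems


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        found = precheck(name)
        print(name, "OK" if not found else "; ".join(found))
```

An empty result covers only these file-level questions; whether the directory is within the document hierarchy and the checks marked "Apache's problem" are still decided on the server.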