
Enterprise Server 6.1 APIs
Chapter 1 Overview 15
Cgistub enforces the following security restrictions:
• The user the CGI program executes as must have a uid of 100 or greater. This
prevents anyone from using Cgistub to obtain root access.
• The CGI program must be owned by the user it is executed as and must not be
writable by anyone other than its owner. This makes it difficult for anyone to
covertly inject and then remotely execute programs.
• Cgistub creates its UNIX listen socket with 0700 permissions.
After you have installed Cgistub, you can create custom execution environments
in the following ways:
• Specifying a Unique CGI Directory and UNIX User and Group for a Virtual Server
• Specifying a Chroot Directory for a Virtual Server
Specifying a Unique CGI Directory and UNIX User and Group for a Virtual Server
To prevent a virtual server’s CGI programs from interfering with other users, these
programs should be stored in a unique directory and execute with the permissions
of a unique UNIX user and group.
First, create the UNIX user and group. The exact steps required to create a user and
group vary by operating system. For help, consult your operating system's
documentation.
Next, follow these steps to create a cgi-bin directory for the virtual server:
1. Log in as the superuser.
su
2. Change to the virtual server directory.
cd vs_dir
NOTE Socket permissions are not respected on a number of UNIX
variants, including current versions of SunOS™/Solaris™. To
prevent a malicious user from exploiting Cgistub, change the
server’s temporary directory (using the magnus.conf TempDir
directive) to a directory accessible only to the server user. For
details, see the Netscape Enterprise Server NSAPI Programmer’s Guide.
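An added example, not taken from the manual or from Cgistub itself: a Python audit that checks the files in a cgi-bin directory against the uid and ownership restrictions listed above, and checks a TempDir against the NOTE's advice. It assumes "not writable by anyone other than its owner" maps to the group and other write bits and "accessible only to the server user" means no group or other permission bits; all function names are hypothetical.

```python
import os
import stat

MIN_CGI_UID = 100  # from the manual: the execution uid must be 100 or greater


def cgi_violations(run_uid, st):
    """Return the restrictions a CGI program would fail.

    run_uid: uid the program is to execute as.
    st: os.stat_result-like object exposing st_uid and st_mode.
    """
    problems = []
    if run_uid < MIN_CGI_UID:
        problems.append("uid below 100")
    if st.st_uid != run_uid:
        problems.append("not owned by execution user")
    # Assumption: only classic mode bits are inspected, not ACLs.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or other")
    return problems


def tempdir_violations(server_uid, st):
    """Check that a TempDir is accessible only to the server user."""
    problems = []
    if st.st_uid != server_uid:
        problems.append("not owned by server user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("accessible by group or other")
    return problems


def audit_cgi_dir(cgi_dir, run_uid):
    """Map each regular file in cgi_dir to its list of violations."""
    report = {}
    for entry in sorted(os.scandir(cgi_dir), key=lambda e: e.name):
        if entry.is_file(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            report[entry.path] = cgi_violations(run_uid, st)
    return report


if __name__ == "__main__":
    import sys
    # Usage: audit.py <cgi-bin directory> <uid the CGIs run as>
    for path, problems in audit_cgi_dir(sys.argv[1], int(sys.argv[2])).items():
        print(path, "OK" if not problems else "; ".join(problems))
```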