You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Ben Laurie <be...@gonzo.ben.algroup.co.uk> on 1996/05/28 15:37:37 UTC

Opinions on CGI wrappers?

Anyone got any views on the best/right/etc CGI wrapper to use?

Do any of them use chroot() [he says, being extra paranoid]?

Cheers,

Ben.

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.

Re: Opinions on CGI wrappers?

Posted by "Jason A. Dour" <ja...@bcc.louisville.edu>.

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 28 May 1996, Ben Laurie wrote:
> Anyone got any views on the best/right/etc CGI wrapper to use?

	I'm coding one for use with Apache.  I can say with certainty that
cgiwrap has more options at this point, but the goal for my product is
efficiency.  Instead of calling cgiwrap for a CGI call that subsequently
does paranoia/security checks, the server would have paranoia code within
it, and would only exec() should the server's paranoia be soothed.  8)

	mod_sucgi 0.1.0 (the first beta) is available at present from:

		http://www.louisville.edu/~jadour01/mothersoft/

	mod_sucgi 0.2.0 (son of beta) should be available soon.  This
version should have more paranoia internal to the server...  The version
after this (plan beta from MotherSoft) should have better logging, etc.

> Do any of them use chroot() [he says, being extra paranoid]?

	No.  I'll give you the process we're operating on at present.

	1.  CGI?
	2.  UserDir CGI? (If no, punt to normal CGI use)
	3.  Backend SUID layer
	4.  Return.

	The next release will have:

	1.  CGI?
	2.  UserDir CGI? (if no, punt to normal CGI use)
	3.  Paranoia checks (If *any* fail, then punt out with error)
	4.  Backend SUID later
	5.  Return.

	Exactly what paranoia checks we'll be implementing is unclear.
If anyone has any comments/suggestions/requests regarding suCGI, then feel
free to email me.  In the next week or so I'll be finishing coding on Son
Of Beta...so if you want to see something added, please email it to me.

	Again (just in case there are some rabid cgiwrap fans out there),
the goal for suCGI is *efficiency.*  suCGI is entirely an Apache-only
product, and we will not be porting it to other servers.  We are drooling
Apache fans here at UofL and MotherSoft, and so we coded a wrapper that
was more internalized than cgiwrap.  Cgiwrap will still have a
home...don't worry.  8P

Jason
+ Jason A. Dour                       jad@bcc.louisville.edu               +
| Programmer Analyst II               http://www.louisville.edu/~jadour01/ |
| Dept. of Radiation Oncology         Finger for Geek Code, PGP Public Key,|
+ University of Louisville            PJ Harvey info, and other stuff...   +

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMasnRZo1JaC71RLxAQHYXQP9H7V9qNGAQuKn+wr3Zhl63mhfD1N7N3De
jRH7zeJnXh4h6lDEkwES2W+9ziYN3ulscbbQqCtMD3BmPPSlAYGxdd11orOIjwSZ
Htn7vGoIHWQpenbopEdRQKS3C4sRsfhxI08DOL0k7sgHMyHoAPhZqpzbxK5sgnc0
H2H7zCUe05Q=
=gjFM
-----END PGP SIGNATURE-----