SLAC's CGI Script Security Wrapper

Last Update: May 27, 1998

This page and the Security Wrapper are still in development.

Introduction

In many cases a WWW author may want to provide customized output produced by a special script, executable or program. This program may be used for such things as extracting data from a database, doing calculations or executing some other Unix command. WWW provides this capability through CGI (Common Gateway Interface) scripts. A major drawback to providing CGI scripts at SLAC is that scripts at this level do not have any security and could potentially execute undesirable commands or have unexpected results. See an overview on CGI script security risks and Writing More Secure CGI Scripts for more information. Also see SLAC's CGI Security Wrapper Implementation for details on how the wrapper is implemented.

To provide some minimal level of security for CGI scripts on the SLAC WWW server, we have provided a CGI Security Wrapper called, appropriately enough, cgi-wrap. The server invokes the user's CGI script through the Wrapper, which is itself a CGI script. The Wrapper provides some simple checking on the input to the user's CGI script. It also makes it trivial to execute "authorized" UNIX commands. Finally, it kills any stalled processes created by the user's CGI script and imposes some resource-usage limits on the processes.
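
The following is an added example, not SLAC's cgi-wrap code: it shows the three jobs described above (checking input, running only authorized commands, and killing stalled processes under resource limits). The RULES table, the input pattern, the status codes and the limit values are assumptions, since the real Rules file format is not given here.

```python
import re
import resource
import subprocess

# Hypothetical rules table: URL key -> (authorized argv, CPU seconds, wall-clock seconds).
# This is an assumed layout, not the format of the real cgi-wrap Rules file.
RULES = {
    "/show-query": (["/usr/bin/printenv", "QUERY_STRING"], 2, 5),
    "/stall": (["/bin/sleep", "30"], 2, 1),
}
# Assumed input policy: bounded length, only characters with no shell meaning.
SAFE_INPUT = re.compile(r"[A-Za-z0-9_.,=&+%-]{0,256}")


def limit_resources(cpu_seconds):
    """Return a hook that caps CPU time and disables core dumps in the child."""
    def apply():
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    return apply


def run_wrapped(environ):
    """Map PATH_INFO to an authorized command and run it; return (status, body)."""
    rule = RULES.get(environ.get("PATH_INFO", ""))
    if rule is None:
        return 403, "no rule for this script"  # the client never names a binary
    query = environ.get("QUERY_STRING", "")
    if not SAFE_INPUT.fullmatch(query):
        return 400, "input rejected"
    argv, cpu_seconds, wall_seconds = rule
    child_env = {"PATH": "/bin:/usr/bin", "QUERY_STRING": query}
    try:
        # No shell is involved, and the environment is rebuilt rather than inherited.
        done = subprocess.run(argv, env=child_env, capture_output=True, text=True,
                              timeout=wall_seconds,
                              preexec_fn=limit_resources(cpu_seconds))
    except subprocess.TimeoutExpired:
        return 504, "stalled script killed"  # run() kills the child on timeout
    return (200 if done.returncode == 0 else 500), done.stdout
```

The CPU limit stops a script that spins, while the wall-clock timeout catches one that simply waits, which is why the example applies both.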

Input

The Wrapper filters the input from the various possible input sources: the CGI environment variables PATH_INFO and QUERY_STRING, standard input and the command line in the following ways:

How the Wrapper Calls the Script/Command

In order to reduce the possibility of the client attacking the server, the Wrapper will only call commands that are included in a Rules file. This file provides a list of correspondences between information in the URL or Form and the actual command to be executed. It also provides information on restrictions to be applied to executing the Script/Command. These restrictions include:

Invoking the Wrapper from Your URL or Form

To invoke your script from a URL:

To invoke your Script from a Form, proceed as follows:

What Else Do You Have to Do

Assuming that the script qualifies (e.g. it is in SLAC's interest and is robust and secure), it will initially be entered into the Rules file to execute only on SLAC's test WWW server at www-dev.slac.stanford.edu.

When the script is ready to go into production then:

Examples of REXX scripts to be called by the Wrapper


* This page is only accessible from SLAC hosts.
Les Cottrell and George Crane
