securecgi - wrapper for secure executing of CGI programs
SecureCGI is a suid-ed wrapper which executes CGI scripts with the rights of their owner. It also modifies resource limits and drops capabilities. It supports normal CGI mode and Non-Parseable Headers (NPH) mode.
SecureCGI cleans environment variables and passes only variables which are considered safe:
AUTH_TYPE, CONTENT_LENGTH, CONTENT_TYPE, DATE_GMT, DATE_LOCAL, DOCUMENT_NAME, DOCUMENT_PATH_INFO, DOCUMENT_ROOT, DOCUMENT_URI, FILEPATH_INFO, GATEWAY_INTERFACE, HTTP_*, HOME, LAST_MODIFIED, PATH_INFO, PATH_TRANSLATED, QUERY_STRING, QUERY_STRING_UNESCAPED, REDIRECT_QUERY_STRING, REDIRECT_STATUS, REDIRECT_URL, REMOTE_ADDR, REMOTE_HOST, REMOTE_IDENT, REMOTE_PORT, REMOTE_USER, REQUEST_METHOD, REQUEST_URI, SCRIPT_FILENAME, SCRIPT_NAME, SCRIPT_URI, SCRIPT_URL, SERVER_ADMIN, SERVER_NAME, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, SERVER_SOFTWARE, UNIQUE_ID, USER_NAME, TZ
AddType application/x-securecgi .cgi
Action application/x-securecgi /internal-cgi-bin/securecgi
ScriptAlias /internal-cgi-bin/ /usr/lib/cgi-bin/
The Apache server renames CGI environment variables by adding the prefix "REDIRECT_". If REDIRECT_STATUS is set, the other REDIRECT_* variables are renamed back to their original names. That means the REDIRECT_* variables overwrite the variables without the prefix.
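The filtering and REDIRECT_ renaming described above, sketched in C as an added example (not securecgi's own source). The safe list is abbreviated, and `scgi_clean_env`, `env_find`, the sample environment, and the choice to rename before filtering and drop the prefixed copy are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Abbreviated from the page's safe list; HTTP_* is a prefix match in is_safe(). */
static const char *const SAFE[] = { "CONTENT_LENGTH", "CONTENT_TYPE", "PATH_INFO",
    "QUERY_STRING", "REDIRECT_QUERY_STRING", "REDIRECT_STATUS", "REDIRECT_URL",
    "REMOTE_ADDR", "REMOTE_USER", "REQUEST_METHOD", "SCRIPT_FILENAME", "SCRIPT_NAME",
    "SERVER_NAME", "SERVER_PORT", "TZ", NULL };
/* Constructed sample: environment inherited after an internal redirect. */
char *const SAMPLE[] = { "LD_PRELOAD=/tmp/x.so", "PATH=/tmp:/bin", "QUERY_STRING=a=1",
    "REDIRECT_STATUS=200", "REDIRECT_QUERY_STRING=id=7", "REDIRECT_URL=/index.cgi",
    "HTTP_HOST=example.test", NULL };
static int is_safe(const char *s, size_t n) {
    if (n > 5 && strncmp(s, "HTTP_", 5) == 0) return 1;
    for (int i = 0; SAFE[i]; i++)
        if (strlen(SAFE[i]) == n && memcmp(SAFE[i], s, n) == 0) return 1;
    return 0;
}
/* Index of the entry named by the first n bytes of `name`, or -1. */
int env_find(char *const *env, const char *name, size_t n) {
    for (int i = 0; env[i]; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=') return i;
    return -1;
}
/* Hypothetical helper: returns a new malloc'd, NULL-terminated environment. */
char **scgi_clean_env(char *const *in) {
    size_t cnt = 0, used = 0;
    while (in[cnt]) cnt++;
    char **out = calloc(cnt + 1, sizeof *out);
    if (!out) return NULL;
    int redirected = env_find(in, "REDIRECT_STATUS", 15) >= 0;
    /* Pass 0 copies plain names; pass 1 lets renamed REDIRECT_* overwrite them. */
    for (int pass = 0; pass < 2; pass++)
        for (size_t i = 0; i < cnt; i++) {
            const char *e = in[i], *eq = strchr(e, '=');
            if (!eq || eq == e) continue;            /* malformed entry */
            int pref = redirected && strncmp(e, "REDIRECT_", 9) == 0
                       && strncmp(e, "REDIRECT_STATUS=", 16) != 0;
            if (pref != pass) continue;
            if (pref) e += 9;                        /* assumed: strip the prefix */
            size_t n = (size_t)(eq - e);
            char *copy = is_safe(e, n) ? malloc(strlen(e) + 1) : NULL;
            if (!copy) continue;                     /* off the list: dropped */
            strcpy(copy, e);
            int at = env_find(out, e, n);
            if (at >= 0) { free(out[at]); out[at] = copy; } else out[used++] = copy;
        }
    return out;
}
```

With the sample, the script sees the redirected query string under its original name, while LD_PRELOAD, PATH and the renamed URL never reach it.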
An example usage:
Script PUT /cgi-bin/nph-securecgi
SetEnv SCGI_REMOTE_USER_MODE 1
SetEnv SCGI_INTERPRETER /usr/lib/cgi-bin/nph-put
If is unset or contains an unknown value, the normal mode is used. This means the user name is set based on the script file owner.
CGI scripts without a hashbang on the first line of the script file (#!/path/to/interpreter) can be handled with the help of mod_rewrite.so. For example:
PassEnv SCGI_INTERPRETER
RewriteRule ^/(.*\.php4?)$ /var/www/$1 [T=application/x-securecgi,E=SCGI_INTERPRETER:/usr/lib/cgi-bin/php4,L]
SetEnv SCGI_RLIMIT_NPROC 20
SetEnv SCGI_RLIMIT_NOFILE 64
SetEnv SCGI_RLIMIT_AS 100000000
SetEnv SCGI_RLIMIT_CPU 30
SetEnv SCGI_RLIMIT_CORE 0
SetEnv SCGI_PRIORITY 10
This setting works if a special kernel patch is applied. The empty value means no capabilities at all, so the script shouldn't run setuid-ed binaries, can't send.
For example:
SetEnv SCGI_CAP
to disable any capabilities, or
SetEnv SCGI_CAP = cap_set_uid,cap_set_gid
to allow running setuid-ed and setgid-ed binaries.
See the /usr/include/linux/capability.h file for the list of kernel capabilities.
For example:
SetEnv SCGI_ERROR_DOCUMENT_404=http://my.server.com/err404.html
SetEnv SCGI_ERROR_DOCUMENT_500=http://my.server.com/err500.html
setrlimit(3), setpriority(3), cap_from_text(3)
(c) 2001-2002 Krzysztof Bielawski
(c) 2001-2003 Piotr Roszatycki <dexter@debian.org>
All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, the latest version.