NAME

securecgi - wrapper for secure execution of CGI programs


DESCRIPTION

SecureCGI is a setuid wrapper which executes CGI scripts with the rights of their owner. It also modifies resource limits and drops capabilities. It supports normal CGI mode and Non-Parseable Headers (NPH) mode.

Environment

SecureCGI cleans environment variables and passes only variables which are considered safe:

AUTH_TYPE, CONTENT_LENGTH, CONTENT_TYPE, DATE_GMT, DATE_LOCAL, DOCUMENT_NAME, DOCUMENT_PATH_INFO, DOCUMENT_ROOT, DOCUMENT_URI, FILEPATH_INFO, GATEWAY_INTERFACE, HTTP_*, HOME, LAST_MODIFIED, PATH_INFO, PATH_TRANSLATED, QUERY_STRING, QUERY_STRING_UNESCAPED, REDIRECT_QUERY_STRING, REDIRECT_STATUS, REDIRECT_URL, REMOTE_ADDR, REMOTE_HOST, REMOTE_IDENT, REMOTE_PORT, REMOTE_USER, REQUEST_METHOD, REQUEST_URI, SCRIPT_FILENAME, SCRIPT_NAME, SCRIPT_URI, SCRIPT_URL, SERVER_ADMIN, SERVER_NAME, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, SERVER_SOFTWARE, UNIQUE_ID, USER_NAME, TZ

REDIRECT_*
SecureCGI can be used with the Apache server and mod_actions.so. For example:
 AddType application/x-securecgi .cgi
 Action application/x-securecgi /internal-cgi-bin/securecgi
 ScriptAlias /internal-cgi-bin/ /usr/lib/cgi-bin/

The Apache server renames CGI environment variables and adds the prefix ``REDIRECT_''. If REDIRECT_STATUS is set, the other REDIRECT_* variables are renamed back to their original names. That means the REDIRECT_* variables overwrite the variables without the prefix.
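The allowlist filtering and REDIRECT_* renaming described above, as an added example in C (not SecureCGI's own code). The function names, the abbreviated allowlist, and the choice to strip the prefix before the allowlist check are assumptions made for illustration.

```c
#include <string.h>

/* Abbreviated subset of the allowlist above; HTTP_* is matched by prefix. */
static const char *const SAFE[] = {
    "CONTENT_LENGTH", "CONTENT_TYPE", "PATH_INFO", "PATH_TRANSLATED",
    "QUERY_STRING", "REDIRECT_STATUS", "REMOTE_ADDR", "REQUEST_METHOD",
    "REQUEST_URI", "SCRIPT_NAME", "SERVER_NAME", "TZ", NULL };

static int is_safe(const char *name, size_t len) {
    if (len > 5 && strncmp(name, "HTTP_", 5) == 0) return 1;
    for (size_t i = 0; SAFE[i]; i++)
        if (strlen(SAFE[i]) == len && memcmp(SAFE[i], name, len) == 0) return 1;
    return 0;
}

/* Store entry e ("NAME=value", NAME is len bytes), replacing an equal NAME. */
static void put(const char **out, size_t *n, size_t cap, const char *e, size_t len) {
    if (!is_safe(e, len)) return;
    size_t i = 0;
    while (i < *n && !(strncmp(out[i], e, len) == 0 && out[i][len] == '=')) i++;
    if (i == *n) {
        if (*n + 1 >= cap) return;      /* keep room for the NULL terminator */
        out[++*n] = NULL;
    }
    out[i] = e;                         /* points into the caller's string */
}

/* Fill out[] (capacity cap >= 1) with the cleaned environment; returns its length. */
size_t clean_env(const char *const in[], const char *out[], size_t cap) {
    size_t n = 0;
    int redirected = 0;
    out[0] = NULL;
    for (size_t i = 0; in[i]; i++)
        if (strncmp(in[i], "REDIRECT_STATUS=", 16) == 0) redirected = 1;
    /* Pass 0 copies unprefixed names; pass 1 lays REDIRECT_* values on top. */
    for (int pass = 0; pass < 2; pass++)
        for (size_t i = 0; in[i]; i++) {
            const char *e = in[i], *eq = strchr(e, '=');
            if (!eq || eq == e) continue;           /* malformed entry: drop */
            int pre = redirected && strncmp(e, "REDIRECT_", 9) == 0 &&
                      strncmp(e, "REDIRECT_STATUS=", 16) != 0;
            if (pre != pass) continue;
            if (pre) e += 9;                        /* strip the prefix */
            put(out, &n, cap, e, (size_t)(eq - e));
        }
    return n;
}
```

Because the prefix is stripped before the allowlist check, a variable such as REDIRECT_LD_PRELOAD is dropped just like LD_PRELOAD itself.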

HTTP_AUTHORIZATION
If this variable exists, its content is decoded from BASE64 form and extracted to REMOTE_USER, REMOTE_PASSWORD variables (CGI standard) and PHP_AUTH_USER, PHP_AUTH_PW variables (used by PHP).

SCGI_REMOTE_USER_MODE
If this variable is set to ``1'', the REMOTE_USER variable contains the user name whose privileges will be used after executing the CGI script.

An example usage:

 Script PUT /cgi-bin/nph-securecgi
 SetEnv SCGI_REMOTE_USER_MODE 1
 SetEnv SCGI_INTERPRETER /usr/lib/cgi-bin/nph-put

If it is unset or contains an unknown value, normal mode is used. This means the user name is set based on the script file's owner.

SCGI_INTERPRETER
The path to the interpreter. PATH_TRANSLATED is passed as its argument.

CGI scripts without a hashbang on the first line of the script file (#!/path/to/interpreter) can be handled with the help of mod_rewrite.so. For example:

 PassEnv SCGI_INTERPRETER
 RewriteRule ^/(.*\.php4?)$ /var/www/$1 [T=application/x-securecgi,E=SCGI_INTERPRETER:/usr/lib/cgi-bin/php4,L]

SCGI_RLIMIT_*
The resource limits (* is one of CORE, CPU, FSIZE, MEMLOCK, NOFILE, NPROC, RSS, STACK, AS, LOCKS). For example:
 SetEnv SCGI_RLIMIT_NPROC 20
 SetEnv SCGI_RLIMIT_NOFILE 64
 SetEnv SCGI_RLIMIT_AS 100000000
 SetEnv SCGI_RLIMIT_CPU 30
 SetEnv SCGI_RLIMIT_CORE 0

SCGI_PRIORITY
The nice level (priority). For example:
 SetEnv SCGI_PRIORITY 10

SCGI_CAP
Inherited capabilities in textual representation, see cap_from_text(3). Empty value means no capabilities. 'all' means all raised capabilities.

This setting works if a special kernel patch is applied. The empty value means no capabilities at all, so the script shouldn't run setuid-ed binaries, can't send.

For example:

 SetEnv SCGI_CAP

to disable all capabilities, or

 SetEnv SCGI_CAP cap_setuid,cap_setgid

to allow running setuid-ed and setgid-ed binaries.

See /usr/include/linux/capability.h file for list of kernel capabilities.

SCGI_ERROR_DOCUMENT_*
The location of the error document. If the SecureCGI wrapper fails, it generates an error message (for the 404 and 500 status codes). These settings allow customized error messages to be used.

For example:

 SetEnv SCGI_ERROR_DOCUMENT_404 http://my.server.com/err404.html
 SetEnv SCGI_ERROR_DOCUMENT_500 http://my.server.com/err500.html


SEE ALSO

setrlimit(3), setpriority(3), cap_from_text(3)


AUTHOR

(c) 2001-2002 Krzysztof Bielawski
(c) 2001-2003 Piotr Roszatycki <dexter@debian.org>

All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, the latest version.