WWW FAQ: Can I safely allow my users to run their own CGI scripts?

Can I safely allow my users to run their own CGI scripts?

CGI scripts are a very powerful facility, with some risks attached to them. In a Unix system, if CGI scripts run with the same user ID as the web server itself, poorly or maliciously written scripts can damage files or open security holes.

There are two important steps that should be taken to correct this:

1. NEVER run your web server as root; make sure it is configured to change to another user ID at startup time. (This is standard practice in all web server distributions, but administrators have been known to change it back to running as root anyway. Don't.)

2. Consider using a wrapper such as <URL:http://www.cs.tu-berlin.de/www/suicide.c>, user.c <URL:ftp://ftp.rz.uni-karlsruhe.de/pub/net/www/tools/cgi-src/> , or CGIwrap <URL:http://www.umr.edu/~cgiwrap> to ensure that each CGI script runs with the permissions and user ID of the user responsible for it.

If proper precautions are taken, user CGI scripts can be reasonably safe. As always, dumb mistakes that open security holes for outsiders are more likely to be the cause of problems than actual malice on the part of your own users.

Also be sure to check out Paul Phillips' excellent collection of CGI security-related pages <URL:http://www.primus.com/staff/paulp/cgi-security/>.

World Wide Web FAQ