HP3000-L Archives

September 1995, Week 1

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Steve Elmer <[log in to unmask]>
Reply To: Steve Elmer <[log in to unmask]>
Date: Fri, 1 Sep 1995 17:07:17 GMT
Content-Type: text/plain

At the minimum, the user logon for your httpd job should have minimal file
access.
 
Jeff Kell ([log in to unmask]) wrote:
: Hopefully one of our more Posix or Un*x oriented readers can answer this
: question...
 
: Just how "dangerous" are cgi-bin scripts?
 
: I'm imagining things like the jazz-packaged 'mpe_command' example search
: script that invokes an arbitrary MPE command.  Not nice if the user
: enters 'rm.hpbin.sys -R /*' I would think.
 
Luckily, rm won't delete MPE group, account, or root directories.
 
: Suppose a simpler shell script simply invoked an MPE command or program
: via the 'callci' mechanism, using the search argument as a parameter (like
: an info= string).  Is this also open to cases like, for example, the user
: enters "some info `rm -R \` string" (embedded expression)?
 
I think the example Mike created on JAZZ may not be a good model.  JAZZ is
basically a crash and burn machine.  If it gets totally trashed it would
probably go out of service for a while.  In your own cgi-bin scripts, you
should be limiting access to things you are comfortable with.
 
: And finally, if you're reading a POST query/form, are those strings
: subject to embedded shell expressions too?
 
: Perhaps a brief cgi-bin security tutorial is in order here.
 
: [\] Jeff Kell <[log in to unmask]>
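The mechanism Jeff is asking about, as an added example that is not part of this thread, of the JAZZ scripts, or of any HP code: a backtick sitting inside a variable is not executed when the script merely expands `$var`; it is executed the moment the script hands that string to something that parses it as a command line again (`eval`, `sh -c`, or a command line assembled as text). Where the string came from (QUERY_STRING on a GET or the POST body on stdin) makes no difference. The script below is written for a generic POSIX sh standing in for the MPE/iX shell; `callci` is not available here and is not simulated. The index file, the marker file, the payload and all function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): a CGI shell script bitten by command
# substitution in user input, beside a hardened version. Paths, the index
# contents and the function names are constructed for the demo.

INDEX_FILE="${TMPDIR:-/tmp}/cgidemo.index.$$"   # constructed "search index"
MARKER_FILE="${TMPDIR:-/tmp}/cgidemo.marker.$$" # created only if injection runs

# Attacker-controlled search string carrying an embedded command substitution.
# Single quotes keep the backticks literal; nothing runs at assignment time.
PAYLOAD='alpha `touch '"$MARKER_FILE"'`'

setup_demo() {
    printf 'alpha\nbeta\ngamma\n' > "$INDEX_FILE"
    rm -f "$MARKER_FILE"
}

cleanup_demo() {
    rm -f "$INDEX_FILE" "$MARKER_FILE"
}

# Fetch the raw request string. GET puts it in QUERY_STRING; POST delivers it
# on stdin, CONTENT_LENGTH bytes long. Either way it is just bytes: nothing in
# it is expanded until a shell is asked to parse it. (URL decoding omitted.)
cgi_input() {
    if [ "${REQUEST_METHOD:-GET}" = "POST" ]; then
        dd bs=1 count="${CONTENT_LENGTH:-0}" 2>/dev/null
    else
        printf '%s' "${QUERY_STRING:-}"
    fi
}

# VULNERABLE: the search term is spliced into a command *string* which a
# second shell parses. That parse honours backticks, $(...), ; | && and so on.
vulnerable_search() {
    sh -c "grep -c $1 $INDEX_FILE" 2>/dev/null
}

# HARDENED: reject anything outside a tight allow-list, then pass the term as
# its own argv element so no shell ever re-parses it. Returns 2 on rejection.
safe_search() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 2 ;;
    esac
    grep -c -- "$1" "$INDEX_FILE"
}

demo() {
    setup_demo
    vulnerable_search "$PAYLOAD" >/dev/null
    if [ -e "$MARKER_FILE" ]; then
        echo "vulnerable_search: embedded command ran (marker file created)"
    fi
    rm -f "$MARKER_FILE"
    rc=0
    safe_search "$PAYLOAD" >/dev/null || rc=$?
    echo "safe_search: payload rejected with rc=$rc"
    [ -e "$MARKER_FILE" ] || echo "safe_search: no side effect"
    echo "safe_search alpha -> $(safe_search alpha) match(es)"
    cleanup_demo
}

# Run the demo only when invoked as: sh this_script.sh run
if [ "${1:-}" = "run" ]; then
    demo
fi
```

The allow-list in `safe_search` is deliberately narrow; loosen it only to characters the downstream command actually needs, and keep passing the value as a single quoted argument rather than rebuilding a command string. The same two rules apply to anything forwarded to an MPE command: validate first, and never let the input be re-parsed as a command line.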
