The easiest way to harden a cgi-bin program is to make the assumption that you cannot trust user input.  Most exploits come from buffer overflows, so you need to ensure that you avoid that.  I can't remember the exact C routines, but one type of read just reads the entire input (which is bad), the other allows you to specify the maximum number of bytes to read (which is good).  You have to do extensive checking of the input to ensure that (1) the user hasn't tried to embed an executable command, and (2) that the user hasn't tried to embed such a command in a string that's so large that it overflows your buffer.
 
Ben
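An added example in C (not Ben's code, and not from any particular CGI program) showing the two points above: a read that is bounded by the buffer size instead of reading "the entire input", and an allowlist check that rejects shell metacharacters rather than trying to escape them. It assumes the CGI convention of a POST body on stdin with its size in the CONTENT_LENGTH environment variable; the MAX_BODY cap, the 64-byte field limit, the allowed character set and the function names are choices made for this example.

```c
/* Added example, not from the original message. Bounded CGI body read plus
 * an allowlist check. Assumes CGI semantics: POST body on stdin, size in
 * CONTENT_LENGTH. The limits below are example values, not a standard. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY 4096   /* hard cap on accepted body size (example value) */

/* The unbounded pattern Ben warns about, for contrast only:
 *     char buf[256]; gets(buf);
 * gets() has no length argument, so a body longer than 255 bytes writes
 * past buf. The functions below always pass an explicit maximum. */

/* Parse CONTENT_LENGTH strictly: decimal digits only, within [0, max].
 * Returns the length, or -1 if missing, malformed, negative or too large. */
long parse_content_length(const char *s, long max)
{
    char *end;
    long n;
    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    n = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || n < 0 || n > max)
        return -1;
    return n;
}

/* Read at most content_length bytes (which must fit in buf with room for
 * the NUL) from fp. Returns bytes read, or -1 if the declared length does
 * not fit; the buffer is never written past its end. */
long read_body_bounded(FILE *fp, long content_length, char *buf, size_t len)
{
    size_t got;
    if (content_length < 0 || (size_t)content_length >= len)
        return -1;
    got = fread(buf, 1, (size_t)content_length, fp);
    buf[got] = '\0';
    return (long)got;
}

/* Allowlist check: accept only characters a field legitimately needs and
 * reject everything else (';', '|', '`', '$', newlines, ...) outright, so
 * the value can never be reinterpreted as a command downstream. */
int is_safe_field(const char *s, size_t maxlen)
{
    size_t i;
    for (i = 0; s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (i >= maxlen)
            return 0;
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '_' || c == '-' ||
              c == '.' || c == '@'))
            return 0;
    }
    return 1;
}

int main(void)
{
    char body[MAX_BODY + 1];
    long clen = parse_content_length(getenv("CONTENT_LENGTH"), MAX_BODY);
    long n;

    if (clen < 0) {
        puts("Status: 400 Bad Request\nContent-Type: text/plain\n\nbad length");
        return 0;
    }
    n = read_body_bounded(stdin, clen, body, sizeof body);
    if (n < 0 || !is_safe_field(body, 64)) {
        puts("Status: 400 Bad Request\nContent-Type: text/plain\n\nrejected");
        return 0;
    }
    printf("Content-Type: text/plain\n\nok: %s\n", body);
    return 0;
}
```

The length is validated twice on purpose: once against the cap when CONTENT_LENGTH is parsed, and again against the actual buffer size in read_body_bounded, so a mismatch between the two constants can never turn into an overflow.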
----- Original Message -----
Sent: Thursday, July 03, 2003 1:13 AM
Subject: cgi-bin hardening

Hi
 
Can anybody help me in hardening a cgi-bin application?
 
regards
 
Prashant.
