janc
|
|
Enabling CGI scripts for Grex users
|
Dec 3 22:33 UTC 1998 |
There has recently been some discussion among the staff of allowing
users to put CGI scripts on Grex.
CGI programs are programs that run when you submit a form on a web page.
There are several running on Grex - Backtalk, the webnewuser program,
and the web vote program are all CGIs. Currently we do not allow users
to install CGI programs on their own web pages. We could do this.
Do we want to?
First, we should be able to set this up on Grex so that it isn't a big
security risk for the system as a whole (though a badly written CGI
might still compromise the account of the user who puts it up). Apache
has an suEXEC feature that appears to be well designed. Information
about this is at http://www.apache.org/docs/suexec.html. This runs the
CGI program as the user on whose account it is installed.
What would people do if they could install CGI scripts on their Grex web
pages? Well, the possibilities are endless. Some examples of things
people could do:
- Install any of thousands of scripts off the net, including things
like counters and guestbooks.
- Create pages that display things like current "finger" output, or
"pwho" output through the web.
- Run surveys and questionnaire pages and collect data.
- Run cute things like Valerie's interactive story. (See
http://www.valeriemates.com/cgi-bin/story.cgi - it's fun.)
- Theoretically, you could put up your own Backtalk conferencing
system. This would be separate from the Grex conferencing system,
with (perhaps) separate logins, items and conferences. I think
people would hit their disk space limits pretty fast if they tried
to do this, but some of Backtalk's competitors, like COW, could
probably be run in a normal user's disk space.
- You probably couldn't make a good interface to Grex's party program
(hmmm...maybe you could do something that kind of works), but you
could certainly install one of the freeware chatroom programs on
your account.
- I could install something on my web page, that would let me read
my E-mail from my web page (presumably I'd put password protection
around this so I was the only one who could do it). I could also
send E-mail through such an interface (the mail would appear to
come from my account on Grex).
- You could probably install various kinds of web-bouncer things,
where you'd hit a page on Grex that would redirect your query to
hit a page on another site, making it look as if the query came
from Grex. I can't imagine this would be of much use to anyone,
but I suspect some folks would try it.
There are endless other possibilities - more than I'm likely to think of
off the top of my head. Obviously, for some people (like me) being able
to do this would be really attractive. There aren't many places that
let people run CGIs without charging a lot. (I don't have any such
place.) However, setting this stuff up isn't all that easy, so it's
mainly a feature of use to geeks.
It's worth noting that one of the easiest things to accomplish with a
CGI program would be to seriously compromise the security of your own
Grex account. Writing secure CGI programs is difficult anytime, and
harder on Grex. Many widely distributed CGI programs which are
reasonably secure on other systems will prove unsafe on Grex (mainly
because many programmers assume that only trusted people can actually
log onto the server - definitely not true on Grex). It's actually quite
likely that if you cobble together a cute little two line CGI program
that lets people run Grex's "finger" command from your web page, then I
can use it to change your password and take over your account.
So if we offered this feature, we'd certainly attract a lot of new users
once the word got out. I don't know if those people would be drawn into
our community or would donate any money, but they'd like us. Learning
to write CGIs is very educational for people, and I think we'd see some
very cool things appearing on some of our users' web pages. But there
would probably also be some things happening that we don't approve of
that much.
|
steve
|
|
response 1 of 59:
|
Dec 3 22:53 UTC 1998 |
I'm twitching as I read this.
On the one hand, allowing users to do this fits in perfectly with our
goals of letting people do this. We allow access to compilers, and not
allowing CGI scripts here is kind of against that principle.
The other hand is paranoid and really worries about what could happen
here. Back when Apache first came out the code was still too untested
for me to be happy with allowing users to do anything "interesting" on
Grex, for fear of security problems. Forgive me, but when I think of
anything new to add to Grex I wonder what vandals will try and do with
it.
However, I read some things at the Apache site about a system of
letting users run things as themselves (i.e., not as root!) and it does
sound secure, and better yet I couldn't find anything related to known
problems with it on the vandal sites I frequent.
There are two other things that worry me some. First, since there are
a myriad of things that can be done with it, I'm hoping that a lot of
staff time isn't going to be spent on "cleaning up" after problems.
Second, I wonder what kind of load we're going to place on the system,
and how that will affect Grex. Right now, Grex is at a pretty good
place in terms of processor power and RAM against the usage it sees.
I'd like to see Grex get another 64M to 128M, which would let us do more
here.
If we do this, I'd very much want it to be on a test basis to see
how things go and make it clear that it might go away if there are too
many problems with it.
I really do want to see CGI scripting here on Grex, but I'm still
twitching over the possible misuses of it. Still, the less paranoid
part of me thinks we should do it.
|
albaugh
|
|
response 2 of 59:
|
Dec 4 00:33 UTC 1998 |
I *am* curious about how running /usr/bin/finger or whatever from your perl
script would allow a hacker to change your password. But from a mischief
point of view, if staff is convinced that a CGI could do no more harm than
what someone could already do from a UNIX shell (telnetting in), then it might
be OK to try allowing CGI for the masses.
|
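An added example, not part of the thread and not janc's own account of the attack he has in mind: wrappers like the "finger" CGI discussed above commonly fail by handing the raw form field to a shell, or to finger itself, unfiltered. This Python sketch validates the login and runs /usr/bin/finger from an argument vector; the `user` field name, the login pattern and the function names are assumptions.

```python
#!/usr/bin/env python3
"""Hardened 'finger' CGI wrapper (added example; names are assumptions)."""
import os
import re
import subprocess
from urllib.parse import parse_qs

# Assumed login policy: short lowercase names. The pattern also rejects a
# leading "-" (option injection) and "@" (finger user@host queries other hosts).
LOGIN_RE = re.compile(r"[a-z][a-z0-9_]{0,15}")
FINGER = "/usr/bin/finger"  # absolute path, never resolved through PATH


def parse_login(query_string):
    """Return the single validated 'user' field, or None if it is not a plain login."""
    values = parse_qs(query_string, keep_blank_values=True).get("user", [])
    if len(values) != 1:
        return None
    login = values[0]
    return login if LOGIN_RE.fullmatch(login) else None


def build_command(login):
    """Argument vector for exec; no shell ever parses the form input.

    The unsafe pattern this replaces is os.system("finger " + login).
    """
    return [FINGER, login]


def handle(query_string, run=subprocess.run):
    """Return (status, body) for one request; 'run' is injectable for testing."""
    login = parse_login(query_string)
    if login is None:
        return "400 Bad Request", "invalid user\n"
    env = {"PATH": "/usr/bin:/bin", "LANG": "C"}  # fixed, minimal environment
    try:
        proc = run(build_command(login), env=env, capture_output=True,
                   text=True, timeout=5, check=False)
    except (OSError, subprocess.TimeoutExpired):
        return "500 Internal Server Error", "finger unavailable\n"
    return "200 OK", proc.stdout


if __name__ == "__main__":
    status, body = handle(os.environ.get("QUERY_STRING", ""))
    # text/plain: finger output includes other users' .plan files, which must
    # not be rendered as HTML in the visitor's browser.
    print(f"Status: {status}\r\nContent-Type: text/plain\r\n\r\n{body}", end="")
```

Under suEXEC the script still runs with the full rights of the account that installed it, so the validation here is the only barrier between a web visitor and that account.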