Constructing CGI Environment

1.0.0 Directories in /usr/web
2.0.0 Configuration for /lib/namespace.httpd
3.0.0 Execution handler
4.0.0 Namespace reconfiguration for document manager
5.0.0 CGI and security

2002/08/30

What should you first consider in constructing CGI environment ?
That is environment necessary to execute CGI programs.

Pegasus can configure and must configure namespace that is required for CGI.

Many names will be required. For example, a CGI program may be waiting a message that will never come. Then pegasus must kill the process. To enable it, /proc must be provided.

Directories in `/usr/web`

You will find the following directories in example/usr/web of Pegasus distribution.

	bin
	dev
	doc
	env
	etc
	lib
	mnt
	net
	proc
	rc
	sys
	tmp

All of them are not required. For example, net is required only for CGI that accesses outer word via network.

Configuration for `/lib/namespace.httpd`

The service space is directories under

	/usr/web/

They are empty. Therefore we must bind entity so that we can give contents.
You will find example in distribution:

	example/lib/namespace.httpd

The contents are

	bind -a /usr/web/bin/$cputype /bin
	bind -a /usr/web/bin/rc /bin
	bind /sys/log/http /usr/web/sys/log/http
	bind /sys/lib /usr/web/sys/lib
	bind /sys/man /usr/web/sys/man
	bind /lib /usr/web/lib
	bind /bin /usr/web/bin
	bind /rc/lib /usr/web/rc/lib
	bind -c #e /usr/web/env
	bind #c /usr/web/dev
	bind /proc /usr/web/proc
	bind -a #I	/usr/web/net
	mount -a #s/cs	/usr/web/net
	mount -a #s/dns	/usr/web/net
	bind /usr/bob/www/doc /usr/web/doc
	bind /usr/bob/www/etc	/usr/web/etc

Comment lines are discarded here.
The last two lines assume that bob is administrator of this host, and his documents and control files are placed in

	/usr/bob/www/doc

and

	/usr/bob/www/etc

respectively.

Not all of these lines are required. Fore example, lines contains net are very special.

You will find a line:

	bind /sys/lib /usr/web/sys/lib

This line means all the files under /sys/lib are configured into service space. Therefore accessible via CGI.
Note that you probably have files that should be secret in /sys/lib/ssh and /sys/lib/tls.
Therefore you should be careful not to make them open to everyone.
I rather recomment you not to have private files under /sys.

CGI environment that you have configured in /lib/namespace.httpd is passed to all virtual hosts and all users except

	/usr/web/doc
	/usr/web/etc

Therefore you should be careful to security.

Execution handler

Those who manage we pages must also manage execution handler for their document by themselves. Execution handler is located in

	$home/www/etc/handler	# for virtual hosts

	$home/web/etc/handler		# for system user

Typical contents of handler is:

	# path      mimetype    ramfs    execpath arg ...
	/netlib/*/index.html text/html 0 /bin/ftp2html
	*.http         -         0       $target
	*.html      text/html    1       $target
	*.dx_html   text/html    0       /bin/dx $target

This is what I am using.
The first line is a comment.
The first field is path pattern of requested path and $target that may appear after fourth field is the path name.
A line that contains *.html defines files so called CGI.
This line says that if a file with extension .html and with executable bit for others is requested then execute the file. The output format is text/html and ramfs is provided.
This means the file extension of CGI is determined not by Pegasus but by user.

Table of $/etc/handler determines action against requested path. Requested file need not be present. See execution handler for more more information.

Namespace reconfiguration for document manager

Those who manage web pages can configure his namespace. The configured namespace cannot go beyond namespace that is configured in /lib/namespace.httpd as long as -m option is not given to httpd.
The configuration file is

	/etc/namespace.cgi

in service space. If you are bob, the real place will be

	/usr/bob/www/etc/namespace.cgi

The contents of distributed file is

	bind -a /etc/bin/$objtype /bin
	bind -a /etc/bin/rc /bin

This means user bob can locate his executable files in

	/usr/bob/www/etc/bin/386
	/usr/bob/www/etc/bin/rc

CGI and security

Pegasus allows all users to have CGI environment if host administrator configure

/lib/namespace.httpd for CGI.

Pegasus thinks that CGI should not be served only to administrator.

Therefore this feature should be in mined in configuring /lib/namespace.httpd.

Pegasus is designed in considering that it should be attack proof against malicious system user. However Pegasus has not been examined in the system with malicious users.


If httpd is invoked by `listen', then httpd runs as user none.

If you want httpd to write a file, it is safe to set access mode

	alrw-rw-rw-		# if reading is required
	alrw--w--w-		# if you don't want the file to be read by others

It is most important not to be deleted or  modified by others.


If you want not to be accessed by other system users, run httpd in server mode.

検事の鏡 A mirror of Kenji Arisawa's site