Publishing cgi scripts on CSUSAP

As the execution of ill-designed cgi scripts can cause unwelcome surprises for the unsuspecting programmer, DIT has taken steps to minimise the security risk of script execution, and in particular, buffer overflow vulnerabilities which can be exploited by malicious users feeding scripts something they can't digest.

In particular script files that reside under a public_html directory can be browsed allowing people to view the script code and exploit vulnerablities, for this reason CSUSAP has been configured NOT to allow the execution of any scripts under a public_html directory.

This will ensure that users cannot view the source code of a script, and hence look for vulnerabilities.

The correct method for executing cgi scripts on csusap is as follows:

Below is a simple test you can do to ensure your cgi environment is set up correctly:

-------------- Cut here --------------

print "content-type: text/html\n\n";

print "<HTML>\n";

print "<HEAD>\n";
print "<TITLE>hello, world html </TITLE>\n";
print "</HEAD>\n";

print "<BODY>\n";
print "<H2>Hello, World, in HTML </H2>\n";
print "<HR>\n";
print "<p>\n";
print "Hello, World, in HTML\n";
print "</p>\n";
print "<p>\n";
print "hello_world.cgi successfully executed\n";
print "</p>\n";
print "</BODY>\n";
print "</HTML>\n";
-------------- Cut here --------------

If your browser loads the script generated web page, you are set to go...happy programming!