Publishing cgi scripts on CSUSAP
As the execution of ill-designed cgi scripts can cause unwelcome
surprises for the unsuspecting programmer, DIT has taken steps to
minimise the security risk of script execution, and in particular,
buffer overflow vulnerabilities which can be exploited by malicious
users feeding scripts something they can't digest.
In particular, script files that reside under a public_html directory
can be browsed, allowing people to view the script code and exploit vulnerabilities. For this reason, CSUSAP has been configured NOT to allow the execution of any scripts under a public_html directory.
The correct method for executing cgi scripts on csusap is as follows:
- create a directory under your home directory, called cgi-bin, and make it rwxr-xr-x:
"cd; mkdir cgi-bin; chmod 755 cgi-bin"
- there should be a link called http://csusap.csu.edu.au/cgi-pub/username, which points to the above directory,
  i.e. http://csusap.csu.edu.au/cgi-pub/username -> csusap:/userdata/{staff|student}/username/cgi-bin
- If this link does not exist, please contact Student Central to have it created.
- use the above reference in any html files under your public_html directory when calling scripts, i.e. http://csusap.csu.edu.au/cgi-pub/username/index.cgi runs: /userdata/{staff|student}/username/cgi-bin/index.cgi
This will ensure that users cannot view the source code of a script and search it for vulnerabilities.
Below is a simple test you can do to ensure your cgi environment is set up correctly:
- Copy the following code into a file called hello_world.cgi in the cgi-bin directory you have created under your home directory:
-------------- Cut here --------------
#!/usr/bin/perl
print "content-type: text/html\n\n";
print "<HTML>\n";
print "<HEAD>\n";
print "<TITLE>hello, world html </TITLE>\n";
print "</HEAD>\n";
print "<BODY>\n";
print "<H2>Hello, World, in HTML </H2>\n";
print "<HR>\n";
print "<p>\n";
print "Hello, World, in HTML\n";
print "</p>\n";
print "<p>\n";
print "hello_world.cgi successfully executed\n";
print "</p>\n";
print "</BODY>\n";
print "</HTML>\n";
-------------- Cut here --------------
- Ensure that this file has the correct permissions: chmod 755 hello_world.cgi
- From a web browser, load the address http://csusap.csu.edu.au/cgi-pub/username/hello_world.cgi
If your browser loads the script-generated web page, you are set to go... happy programming!
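
The directory layout and permissions described above can also be checked from the shell before the page is loaded in a browser. The following is an added example, not part of the original page or DIT's tooling; the function names check_cgi_layout and mode_of, the match on a .cgi file extension and the interpreter-line check are assumptions of this example.

```shell
# Added example, not DIT's own tooling. Usage: check_cgi_layout "$HOME"

# Print a path's permission bits in octal (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Prints one line per finding; returns 0 when the layout is clean, 1 otherwise.
check_cgi_layout() {
    ccl_home=$1
    ccl_cgi=$ccl_home/cgi-bin
    ccl_rc=0

    if [ ! -d "$ccl_cgi" ]; then
        echo "MISSING: $ccl_cgi does not exist"
        return 1
    fi
    ccl_mode=$(mode_of "$ccl_cgi")
    if [ "$ccl_mode" != 755 ]; then
        echo "MODE: $ccl_cgi is $ccl_mode, expected 755"
        ccl_rc=1
    fi

    for ccl_f in "$ccl_cgi"/*.cgi; do
        [ -f "$ccl_f" ] || continue          # glob matched nothing
        ccl_mode=$(mode_of "$ccl_f")
        if [ "$ccl_mode" != 755 ]; then
            echo "MODE: $ccl_f is $ccl_mode, expected 755"
            ccl_rc=1
        fi
        # Assumption: the script is started through its interpreter line.
        ccl_first=
        IFS= read -r ccl_first < "$ccl_f" || true
        case $ccl_first in
            '#!'*) ;;
            *) echo "SHEBANG: $ccl_f has no #! interpreter line"; ccl_rc=1 ;;
        esac
    done

    # Scripts under public_html are not executed, and their source is browsable.
    if [ -d "$ccl_home/public_html" ]; then
        ccl_stray=$(find "$ccl_home/public_html" -type f -name '*.cgi')
        if [ -n "$ccl_stray" ]; then
            echo "$ccl_stray" | sed 's/^/EXPOSED: /'
            ccl_rc=1
        fi
    fi
    return "$ccl_rc"
}
```

An EXPOSED finding means a script was left under public_html, where its source can be browsed; move it to cgi-bin and reference it through the cgi-pub link instead.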