#!/usr/bin/env bash in cgi script
Hi all,
If I may ask for your comments.
I have to set on wy webserver pages written by someone. One of file which
must be put in cgi-bin directory is following script (only this two lines).
#!/usr/bin/env bash
./foo bar.html
The whole construction looks dangerous for me. I'm thinking about hardening
this but I'm not sure what to to.
foo is na ELF file which connects to a service, gets data and
formats html code based on bar.html template. There are many files with
templates and why bar.html is to be a parameter.
#!/usr/bin/env ./foo bar.html
Looks better? Or env runs bash? The general question I think is how to run
ELF file with a dynamic parameter as cgi-bin program in securest manner.
*Any* comment welcome.
Regards,
Chris
Reply to: