#!/usr/bin/env bash in cgi script

To: debian-security@lists.debian.org
Subject: #!/usr/bin/env bash in cgi script
From: Krzysztof Mazurczyk <kmazurczyk@wskiz.poznan.pl>
Date: Thu, 7 Feb 2002 18:25:47 +0100
Message-id: <[🔎] 20020207182547.B1911@Winux.wskiz.poznan.pl>

Hi all,

If I may ask for your comments.

I have to set on wy webserver pages written by someone. One of file which
must be put in cgi-bin directory is following script (only this two lines).

#!/usr/bin/env bash
./foo bar.html

The whole construction looks dangerous for me. I'm thinking about hardening 
this but I'm not sure what to to. 

foo is na ELF file which connects to a service, gets data and
formats html code based on bar.html template. There are many files with
templates and why bar.html is to be a parameter.

#!/usr/bin/env ./foo bar.html

Looks better? Or env runs bash? The general question I think is how to run
ELF file with a dynamic parameter as cgi-bin program in securest manner.

*Any* comment welcome.

Regards,
Chris

Reply to:

Prev by Date: Re: SECURITY HOLE in MySQL module in PHP
Next by Date: Re: HELP I've been cracked
Previous by thread: Re: How to modify SSH2 prompt message?
Next by thread: Re: HELP I've been cracked
Index(es):
- Date
- Thread