LiteSpeed Technologies
Download Download     Blog Blog     Wiki Wiki     Forum Forum     Store     Contact Contact    

Go Back   LiteSpeed Support Forums > External Applications > CGI/Perl/Python > cgi chroot

Reply
 
Thread Tools Display Modes
  #1  
Old 02-23-2011, 10:20 AM
subhuti subhuti is offline
Member
  
Join Date: Apr 2010
Posts: 22
Default cgi chroot
Hello!
I've found interesting information on your website

Quote:
"chroot jail" is to have a CGI script started under an assigned alternative root directory, the script can not access files beyond the new root directory. With it, you no longer need to worry about confidential system files being exposed by vulnerable scripts.
(http://www.litespeedtech.com/docs/webserver/security/)
also
I see interesting options in the litespeed admin console
such as "ExtApp Chroot Mode"
I've changed it to virtualhost root but I was able to access system files from cgi (for example python "print open('/etc/passwd','r').read() )
so I'm trying to figure out what does all this means:
I understand that I can put litespeed server in chroot but how I can put separate cgi script in chroot
Reply With Quote
  #2  
Old 02-23-2011, 10:45 AM
mistwang mistwang is offline
LiteSpeed Staff
  
Join Date: May 2003
Location: New Jersey
Posts: 7,585
You need to build the jail environment for the script, otherwise, it wont work.
If you want per account chroot, you may have to use Cloud Linux SecureLVE, otherwise, it is pretty hard to maintain the chroot jail. Our 4.0.20 release should support SecureLVE on plain centos.
Reply With Quote
  #3  
Old 02-23-2011, 11:14 AM
subhuti subhuti is offline
Member
  
Join Date: Apr 2010
Posts: 22
Quote:
Originally Posted by mistwang View Post
You need to build the jail environment for the script, otherwise, it wont work.
If you want per account chroot, you may have to use Cloud Linux SecureLVE, otherwise, it is pretty hard to maintain the chroot jail. Our 4.0.20 release should support SecureLVE on plain centos.
so, in future I have to create SecureLVE with securelve_user <domain_owner> (actually I already use this). Enable virtual host chroot and create document root path like /var/securelve/username/var/www/<vhost.domain.com>/httpdocs/ ?

and what will give this SecureLVE option in litespeed ? what difference between LVE and SecureLVE options ?
Reply With Quote
  #4  
Old 02-24-2011, 12:18 PM
webizen webizen is offline
LiteSpeed Staff
  
Join Date: Oct 2010
Posts: 2,337
LSWS 4.0.20 supports SecureLVE. Just enable SecureLVE in LSWS (Admin Console -> Configuration -> Server -> General -> Enable LVE => SecureLVE). See this (http://www.litespeedtech.com/support...curelve_how_to) for more details
Reply With Quote
  #5  
Old 02-24-2011, 01:11 PM
subhuti subhuti is offline
Member
  
Join Date: Apr 2010
Posts: 22
Quote:
Originally Posted by webizen View Post
LSWS 4.0.20 supports SecureLVE. Just enable SecureLVE in LSWS (Admin Console -> Configuration -> Server -> General -> Enable LVE => SecureLVE). See this (http://www.litespeedtech.com/support...curelve_how_to) for more details
awesome!
thank you
Reply With Quote
Reply

Tags
cgi, security

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 03:49 AM.



- Archive - Top
© Copyright 2003-2011 LiteSpeed Technologies, Inc. All rights reserved. Privacy Policy.