Hi,
How can stop people from creating a cgi script like this one i created below which gets the contents of /etc/passwd ? Can i jail CGI somehow?

test.cgi
#!/bin/bash

echo "Content-Type: text/plain"
echo ""
cat /etc/passwd

Thanks,
Alex

Unfortunately there's nothing lie PHP Safe mode for Perl CGI scripts. :(

This is an interesting discussion I found: http://gallery.menalto.com/node/3017

Hi,
I just found somthing perfect!!!!!:) Look: http://stein.cshl.org/software/sbox/

As long as i can get it to work then its great,

Thanks,
Alex

Would this chroot the user? -> http://cgiwrap.sourceforge.net/

Thanks,
Alex

As far as I know, suphp is also able to run cgi scripts (not just php scripts) under the correct user and chroot them.

Hi,
Sounds good :) is there a tutorial anywhere about howto chroot CGI scripts with suphp? I will have to remove CGI access otherwise:(

Thanks,
Alex

I'am not aware of a tutorial. But you should get it to work with the suphp manual as well as it documents all configuration options incl. chrooting.