Shell commands can be used to perform a number of useful tasks. A benefit to the Unix shell is that, assuming you’re using a Unix platform for your Web server, you’re probably already familiar with it. They are commonly used for quick-and-easy CGI programs, where security isn’t an issue. Because these CGI programs are generally used to execute other programs on the server, a particular security issue is that they automatically inherit the problems and security issues associated with those external programs.
Another issue with Unix shell programs is that you are more limited in controlling user input and other security issues than in the other languages we’ll discuss in this section. While you can create code in a Perl, C, C++, or Visual Basic script that will check what data a user has submitted, this generally isn’t the case where shell scripts are concerned.
would be documentation dealing with the Perl interpreter for Windows NT (perl.exe). Older documentation states that this program should be stored in this directory, so that any Perl scripts used on your site can be executed. However, the -e flag for perl.exe allows snippets of Perl code to be executed. For example, let’s say a user entered the following URL into his or her browser: www.freebsd.com/cgi-bin/perl.exe?&e+unlink+%3C*%3E.
By sending this code to the command interpreter, all files in the directory on freebsd.com would be deleted. Although placing interpreters like perl.exe in the cgi-bin directory may seem convenient, and older documentation may give good reasons to do so, you are opening a grave security hole that can easily be exploited.
Perl
Perl is the Practical Extraction and Reporting Language. It is a scripting language that is similar to C in syntax, and is easier to learn than the other languages discussed here. Although it is a good choice for new programmers, it should not be thought of as a poor choice for complex programs. It provides the ability to create powerful programs, and allows you to implement code that will provide security. These reasons have aided in Perl becoming a common method of creating CGI scripts.
Because Perl is interpreted, it is compiled and executed as one step each time the program is called. For this reason, there is a greater possibility that bad data submitted by a user will be included as part of the code. This can cause the program to error and abort, or perform unexpectedly.
Another problem with Perl is that the source code isn’t compiled, and is thereby potentially available for users to view. By being able to view the source code, there is a better chance that security holes can be discovered and exploited.
C/C++
C and C++ are the most popular languages used for developing applications, and can be used to create CGI programs. Both of these are compiled languages, meaning that the source code must be translated into machine code before the program can be run. Because of this, the source code is unavailable to view, and hackers will be unable to analyze the code for security holes.
A common problem that occurs when Internet programs are created with C or C++ is buffer overflows. In the C or C++ program, a fixed amount of memory is allocated for user input. If more data is sent to the program than was allocated, the program crashes. By overflowing a buffer, it is then possible to alter the stack and gain unauthorized access. This problem was exploited when Robert Morris, creator of the Internet Worm, attacked a C-based Sendmail program. The reason he was able to exploit this vulnerability is that C programmers will generally allocate a set amount of memory, assuming this will be enough for normal use. By using more data than expected, the program experiences a buffer overflow.
Two functions are generally at fault for buffer overflows: strcpy() and strcat(). The reason for this is that neither allows you to specify a maximum length for the string of characters being used in the program. With no limit, more data than expected can be used, thereby causing the overflow. Instead, strncpy() and strncat() should be used. Although they provide the same functionality, you can set a maximum length for the string.
Another way to help avoid this problem is to use the MAXSIZE attribute for any fields used on a form. This will limit the amount of data a user can enter through normal means. In doing so, the buffer overflow problem caused by inadvertent data can be avoided. A secondary benefit is that users will be forced to think about what they enter before submitting it, keeping them clear and concise. This is not, however, a perfect way to stop this attack, as users can telnet to the port a Web server is on and bypass any HTML or JavaScript checks. MAXSIZE should only be used as a guide for non-malicious users and should be used in conjunction with the above-mentioned data checking.