Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-07-10
2001-10-23
Wright, Norman M. (Department: 2131)
C713S152000
active
06308275
ABSTRACT:
BACKGROUND
1. Field of Invention
This invention pertains in general to computer networks and in particular to a server for securely executing common gateway interface programs.
2. Background of the Invention
An Internet Service Provider (“ISP”) may host web pages for many different customers. For example, a typical ISP may provide web hosting services for thousands of customers. These services primarily include providing storage space for web pages and CGI programs, processing time for responding to access requests and executing programs called by the web pages, and network bandwidth for sending data to and receiving data from client browsers.
The customers' web pages often refer to Common Gateway Interface (“CGI”) programs (also referred to as “CGI scripts”). A common use of a CGI program is to provide data in response to a client request for information through back-end processing. For example, a CGI program may provide flight status information, a directory listing, or driving instructions in response to a web page-based query.
CGI programs may be written in any language understandable to the executing server, including, for example, C, Perl, or a shell script. CGI programs usually reside in a “/cgi-bin/” directory on the web server or logically connected to the web server. When a link to a CGI program on a web page is selected, the web server executes the CGI program, passes along information from the web page, and transmits the outputted information back to the client browser.
On a server running a variant of the UNIX operating system, each process executed by the server has an associated user identification (“UID”). The UID identifies the user who executed the process, and is used to determine the permissions available to that user. In a typical web hosting environment, CGI programs executed by the web server have a UID identifying the web server. This situation is undesirable because it grants any CGI program all of the permissions and associated capabilities available to the web server. Therefore, a malicious user could write a CGI program that abuses its permissions and harms the web server.
To avoid this potential security breach, certain web servers have the capability of executing the CGI program using a different UID. For example, the Apache HTTP Server Version 1.3 includes the suEXEC feature, which provides Apache users with the ability to run CGI programs under UIDs different from the UID of the calling web server. Thus, the web server can be configured to execute the CGI program with the owning customer's UID or with a special “safe” UID.
However, the suEXEC feature does not provide a security model robust enough for sophisticated web hosting needs. A web host, for example, may provide a remote access feature wherein the customer uses CGI programs to update files on the web server. In such a case, the web server must authenticate that the client is the customer before executing the CGI. Otherwise, non-customers would be able to execute CGI programs and overwrite the customer's data. Likewise, it is sometimes desirable to allow an authenticated customer to write data that even the customer cannot later alter.
Accordingly, there is a need for a more sophisticated security model for web servers. Preferably, this security model would work with existing web servers and without requiring major upgrades of hardware or software.
SUMMARY OF THE INVENTION
The present invention provides a method and system for implementing a web host that executes common gateway interface (“CGI”) programs in one of four security modes, thereby allowing greater customization of the privileges available to the program. A system according to the present invention includes a web host having a web server, a CGI proxy, and a CGI storage. A client, usually located at a remote computer terminal, accesses web pages stored in the web server by communicating with the web server using the hypertext transport protocol (“HTTP”). The client may request that the web server execute a target CGI program stored in the CGI storage by sending a web page-based form to the web server. The form identifies the path to the CGI program and includes a query string with information for processing by the CGI program.
A redirector within the web server receives CGI program execution requests generated by clients and rewrites the CGI request to call a CGI proxy. In addition, the redirector reformulates the query string received with the CGI execution request and passes it as a parameter to the CGI proxy.
The CGI proxy parses the query string and uses it to determine an execution mode for the target CGI program. If the query string contains authentication information allowing the CGI proxy to authenticate the identity of the client, the CGI proxy performs this authentication. If not, the CGI proxy determines from the path of the target CGI whether the target CGI belongs to a customer of the web host.
If the client is not authenticated and the target CGI program does not belong to a customer, the CGI program is executed using a “safe” user identification (“UID”). The safe UID is preferably an identification that has only limited reading and writing privileges on the web host. Accordingly, the potential for dangerous use of the CGI program is reduced.
If the client is not authenticated but the target CGI program belongs to a customer, the CGI program is executed using the customer's UID. Using the customer's UID in this manner allows the privileges of different CGI programs to be compartmentalized. Thus, one customer's CGI programs will have, at most, read and write access to only the files accessible to that customer.
If the client is authenticated, the CGI proxy determines whether the target CGI program is in a list of special CGIs typically maintained by the web host operator. If so, the CGI program is executed using the customer's UID. This mode is typically used by the customer to execute CGI programs installed by the web host operator to maintain the customer's web pages. The authentication allows the web host operator and the customer to ensure that only the customer has access to these CGIs, and the compartmentalization accorded by using the customer's UID prohibits a customer from altering another customer's files.
If the client is authenticated and the target CGI is not in the list of special CGIs, the CGI program is executed using a special UID having greater write permissions than those typically granted to a customer. This mode is generally used to execute programs for writing files that belong to the user, yet that the user does not have permission to modify.
Before executing the CGI program, the CGI proxy deletes unnecessary information from the query string by returning the string to its state before the execution request was intercepted by the redirector. Then, the CGI program is executed using the determined security mode and the query string. A CGI program expecting to be executed only after successful authentication preferably first checks its UID. If the program is not executed with its expected UID, it halts execution and returns a result indicating that execution aborted. This result, along with any other information generated by the CGI program, is returned by the CGI proxy to the web server, which, in turn, provides the information to the client.
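The four-way mode selection and the UID check described above, as an added example that is not code from the patent. The UID values, the `/customers/<name>/cgi-bin/` layout, the special-CGI list and all function names are assumptions, as is the reading that in the authenticated modes "the customer" is the authenticated client.

```python
import posixpath

# Constructed sample data: UIDs, paths and the special-CGI list are assumptions.
SAFE_UID = 65534            # limited-privilege "safe" UID
SPECIAL_UID = 900           # UID with wider write permissions than a customer
CUSTOMER_UIDS = {"alice": 2001, "bob": 2002}
SPECIAL_CGIS = {"/hosttools/cgi-bin/update_page.cgi"}
CUSTOMER_ROOT = "/customers"   # assumed layout: /customers/<name>/cgi-bin/<prog>


def owner_of(path):
    """Return the customer owning a target CGI path, or None."""
    norm = posixpath.normpath(path)          # collapse ".." before matching
    parts = norm.split("/")
    # expected: ['', 'customers', <name>, 'cgi-bin', <prog>]
    if len(parts) == 5 and "/" + parts[1] == CUSTOMER_ROOT and parts[3] == "cgi-bin":
        return parts[2] if parts[2] in CUSTOMER_UIDS else None
    return None


def select_mode(target, auth_customer=None):
    """Map a request to (mode, uid) following the four cases in the text.

    auth_customer is the customer name the proxy authenticated, or None.
    """
    target = posixpath.normpath(target)
    if auth_customer is None:
        owner = owner_of(target)
        if owner is None:
            return ("safe", SAFE_UID)
        return ("customer", CUSTOMER_UIDS[owner])
    if auth_customer not in CUSTOMER_UIDS:
        raise ValueError("authenticated name is not a known customer")
    if target in SPECIAL_CGIS:
        return ("authenticated-customer", CUSTOMER_UIDS[auth_customer])
    return ("authenticated-special", SPECIAL_UID)


def may_run(expected_uid, actual_uid):
    """Check a CGI program makes first: abort unless run under its expected UID."""
    return expected_uid == actual_uid
```

A CGI program that expects authenticated execution would pass its own effective UID (for example from `os.geteuid()`) as `actual_uid` and exit with an abort result when `may_run` returns `False`.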
A method for securely executing programs on a web host according to an embodiment of the present invention includes the steps of providing a plurality of web pages to a client; receiving from the client a request to execute a program stored on the web host; authenticating the client if possible; determining an execution mode for the program; and executing the program in the determined execution mode.
Computer program instructions encoded on a computer-readable memory for securely executing programs on the web host include instructions for: receiving a program execution request from a client; redirecting the execution request to a proxy; determining an execution mode for the program; and executing the program
Ho Eric Y. W.
Vaswani Rajendra
At Home Corporation
Fenwick & West LLP
Wright Norman M.