CGI Security Documentation

Publications That Mention CGIWrap

CGIWrap was not only used in practice on Unix web servers but was also discussed in books, security materials, and developer references focused on CGI scripting and web server safety. This page collects publication mentions and related references that show how CGIWrap was understood in the broader technical conversation around CGI security and user-owned script execution.

These references are useful because they place CGIWrap in a larger historical context. Instead of being treated as an isolated tool, CGIWrap appears as part of the wider effort to make CGI scripting safer, more accountable, and more practical in multi-user hosting environments.

Featured Publication Mention

The following excerpt highlights how CGIWrap was described in a published CGI reference. It emphasizes the same core themes that show up throughout the rest of the CGIWrap documentation: user-level script ownership, reduced server-wide exposure, and stronger accountability for the author of a script.

Special Edition - Using CGI

Publisher: Que Corporation

A better solution to the problem of deciding which user a script runs as when multiple people have CGI access is the CGIWrap program. CGIWrap, which is included on the CD that accompanies this book, is a simple wrapper that executes a CGI script as the user that owns the file instead of the user that the server specifies. This simple precaution leaves the script owner responsible for the damage it can do.

For instance, if the user "joanne" owns a CGI script that's wrapped in CGIWrap, the server will execute the script as user "joanne." In this way, CGIWrap acts like a setuid bit but has the added advantage of being controlled by the Web server rather than the operating system. That means that anybody who sneaks through any security holes in the script will be limited to whatever "joanne" herself can do - the files she can read and delete, the directories she can view, and so on.

Because CGIWrap puts CGI script authors in charge of the permissions for their own scripts, it can be a powerful tool not only to protect important files owned by others, but to motivate people to write secure scripts. The realization that only their files would be in danger can be a powerful persuader to script authors.

Excerpted with permission from Special Edition Using CGI.

Comments: The book is pretty good. At least in the copy I got, they say that CGIWrap is included on the CD, but I can't find it anywhere.

What makes this excerpt especially useful is that it captures the practical argument for CGIWrap in plain terms. Instead of focusing only on raw mechanics, it explains why running a script as its owner changes the risk model and why that matters for both administrators and script authors.

Other References

In addition to the featured excerpt above, CGIWrap has also been mentioned in a range of books, articles, and technical references related to Perl, CGI development, and web server security. These materials help confirm that CGIWrap had a visible place in the larger CGI security discussion.

  • Special Edition, Using Perl for Web Programming, Ch. 9
  • Perl 5 By Example, Ch. 9
  • SD Magazine Feature - Safe CGI Scripting
  • WWW Security FAQ - CGI Scripts
  • CGI Developers Guide - Ch. 9
  • Notes on the Security of a UNIX Web Server
  • Boxed and Wrapped - Lincoln D. Stein
  • CGI FAQ
  • Maximum Security - Hackers Guide to Protecting...