CyberBuzz CGI Submittals

Realizing that not all desired CGI functionality can be anticipated by the sysadmins, a means for adding additional CGIs has been provided. However, all CGIs accessed from http://cyberbuzz.gatech.edu/cgi-bin/ (those in /www/cgi-bin/ on the system) must be scrutinized by a sysadmin for security risks.

All CGIs to be submitted by users must be provided to the sysadmins in working source code format with the following in their header:

1. Student group name
2. Contact information, including email and phone, for the author of the script if custom-written, or for the person requesting submission if not.
3. If obtained elsewhere, a link to the source site and mention of the license for the script (GPL, public-domain, postcardware, etc.)
4. A general description of what the script does
5. A date of submission
6. If there is code that needs to be compiled, complete instructions for doing so (what libraries to link, etc.)

For example, here's a CGI script I just wrote: envprint

#!/usr/local/bin/perl
#
# CyberBuzz Admins
# Chris Ricker, kaboom@cyberbuzz.gatech.edu
# custom-written, GPL'ed 1/19/98
# Print some environmental strings to test the CGI interface
# Submitted for review 1/19/98
#

print "Content-type: text/html\n\n";
while (($item, $value) = each %ENV)
{
print "$item = $value<BR>\n";
}

After you have written and debugged your CGI script, you submit it by copying it into the /home/special/cgi-submit/ directory on CyberBuzz. This directory is world-writeable, but sticky, so no one can mess with your files once they are in place. Admins will periodically be notified when files are in this directory, and they will then analyze them and either delete them, notifiying the listed contact person, or install them.

To allow users the ability to debug their scripts before installation, CGIWrap has been installed. CGIWrap allows the secure running of unverified CGI scripts, although with much-reduced speed, the inconvenience of a cumbersome URL, and other drawbacks which make it unsuitable for permanent use.

To illustrate its use, we'll again consider my CGI envprint.

• I put that in my account in a cgi-bin directory, ~kaboom/cgi-bin/envprint.
• If I try to directly access that CGI at http://cyberbuzz.gatech.edu/kaboom/cgi-bin/envprint, access will be denied, and the file will load as text.
• I must first tell the web server that my script is in fact a script and not text; I do this by renaming it with a .cgiextension, envprint.cgi.
• Now, my CGI loads as a CGI but permission is still denied to execute it. I must wrap it with CGIWrap, which will safely run it. I do this by instead loading http://cyberbuzz.gatech.edu/cgi-bin/cgiwrap/kaboom/envprint.cgi in my web browser.
• In addition, CGIWrap provides a nice debugging interface, cgiwrapd. If I instead try to load http://cyberbuzz.gatech.edu/cgi-bin/cgiwrapd/kaboom/envprint.cgi, I can easily view errors in my script.

Support@CyberBuzz.GaTech.edu Copyright © 1998 CyberBuzz/Georgia Tech Modified November 24, 1998 at 5:52 PM EST http://CyberBuzz.GaTech.edu/support/cgi_submittal.html

Disclaimers

(MS)