CGI Programs


Basics and File Locations

CGI Programs are programs that execute and then create dynamic web content. They can create HTML pages, images, audio or video files, pretty much anything that you can put on the web.

CGI Programs can be written in virtually any scripted or compiled language. The web server is currently an Ubuntu-based system. Consequently, if you use a compiled language for CGI, your program should be compiled on ubuntu.eskimo.com, an Ubuntu-based shell server. We provide many languages for your use in CGI program creation. No matter which language you use, CGI programs must have an extension of “.cgi” and must be executable at least by the owner. Also, for Apache to correctly determine the file type, it should be world-readable.

     chmod 544 file.cgi

CGI programs must be placed in a directory called “cgi-bin”, which resides within your “public_html” directory. You can create this directory online using the following commands.

     cd ~/public_html
     mkdir cgi-bin
     chmod 755 cgi-bin

It is also possible to create this directory with a standard ftp client by first logging into ftp.eskimo.com with your username and password, and then issuing the following commands.

     cd public_html
     mkdir cgi-bin

In the case of ftp, when you login with your username and password, you will already be in your home directory. When you use mkdir within ftp, it will create the directory with the correct permissions.

How CGI Programs Are Called

If your site is a user site under our domain with a URL like “http://www.eskimo.com/~user”, then your CGI program would be called as “http://www.eskimo.com/~user/cgi-bin/program.cgi”. You can make your CGI web page appear to be somewhere other than cgi-bin on your website by using .htaccess to map the desired URL to the physical location.

There is also a system cgi-bin directory in which CGI programs that we make available can be accessed. Programs in this directory are called as follows, “http://www.eskimo.com/cgi-bin/program.cgi”. This is mostly used for programs that have system constants such as mail-back scripts.

If you have a virtual domain, your CGI programs would be called as follows, “http://www.example.com/~user/cgi-bin/program.cgi”.

System cgi-bin programs under your virtual domain would be called as follows,
“http://www.example.com/cgi-bin/program.cgi”.

Scripting Languages

Perl

Perl is by far the most prevalent scripted language used for CGI programs. On Eskimo, the path to perl is “/usr/bin/perl”. It is version 5.10.1 presently and built with multi-thread support. Unlike perl4, there is no separate taintperl; instead, perl is called with -T to provide this capability.

All perl CGI programs must start with:

     #!/usr/bin/perl

CGI programs requiring taintperl should start with:

     #!/usr/bin/perl -T

Perl documents and their URLs:

Perl Homepage: http://www.perl.org/
Perl Articles (O’Reilly): http://www.perl.com/
Comprehensive Perl Archive: http://www.cpan.org/
Perl Mongers: http://www.pm.org/

There is also an online manual you can access from the shell command prompt by typing, “man perl”.

Python

Python is available for web scripting (and other uses). The path to python is “/usr/bin/python”. The version of python installed here is version 2.4.4.

Python CGI scripts should be mode 544 and must start with:

     #!/usr/bin/python

Python documentation can be found at http://www.python.org/doc/.

There is also an online manual you can access from the shell command prompt by typing, “man python”.

Ruby

Ruby is available for web scripting (and other uses). The path to ruby is “/usr/bin/ruby”. The version installed here is ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux].

Ruby CGI scripts should be mode 544 and must start with:

     #!/usr/bin/ruby

Ruby documentation can be found at http://ruby-doc.org/ and http://www.ruby-lang.org/en/documentation/.

There is also an online manual you can access from the shell command prompt by typing, “man ruby”.

Compiled Languages

CGI programs can also be written in any of the supported compiled languages. Any compiled programs must be created on ubuntu.eskimo.com. It is recommended that any compiled CGI program developed off-site be recompiled here before use in order to ensure compatibility with the system libraries provided here.


Warning

CGI programs execute with your permissions. If there is a flaw in your program that is exploitable remotely, your files and website may be damaged.

Many shared hosting sites execute all code under a common user ID. In that situation, a flaw in any user’s code can result in damage to all users’ websites. Here, where each user’s website executes under their own user ID, only your own code can expose your own website.

Programs should be very careful to eliminate from their input any “../” back references, wildcard or regular expression references to file names or commands, and references to files or commands starting at “/”. Care should also be taken to make sure input does not overflow input buffers.
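The checks described above, as an added example of a Perl CGI script run in taint mode; it is not part of Eskimo's own documentation or code. It assumes CGI.pm is available, and the data directory and the `file` parameter name are hypothetical.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI ();

# Refuse oversized request bodies and uploads before CGI.pm parses them.
$CGI::POST_MAX        = 4096;
$CGI::DISABLE_UPLOADS = 1;

# Assumption: hypothetical directory holding the files this script may serve.
my $DATA_DIR = '/home/user/public_html/data';
my $MAX_LEN  = 64;    # upper bound on the length of the file name

# Return an untainted, safe file name, or undef if the input is rejected.
sub safe_name {
    my ($raw) = @_;
    return undef unless defined $raw && length($raw) <= $MAX_LEN;
    # Allowlist: letters, digits, "_" and "-", one dot, a short extension.
    # "/", "..", wildcards (* ? [ ]) and shell metacharacters cannot match.
    # \A and \z anchor the whole string; the capture untaints it under -T.
    return $raw =~ /\A([A-Za-z0-9_-]+\.[A-Za-z0-9]{1,8})\z/ ? $1 : undef;
}

# Send a short plain-text response with the given status line and stop.
sub fail {
    my ($q, $status, $msg) = @_;
    print $q->header(-status => $status, -type => 'text/plain'), "$msg\n";
    exit 0;
}

my $q    = CGI->new;
my $name = safe_name(scalar $q->param('file'));    # "file" is hypothetical
fail($q, '400 Bad Request', 'Invalid file name.') unless defined $name;

# Three-argument open: the name is only ever a path, never a mode or command.
open(my $fh, '<', "$DATA_DIR/$name")
    or fail($q, '404 Not Found', 'Not found.');

print $q->header(-type => 'text/plain');
print while <$fh>;
close $fh;
```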


 
