AsiaBSDCon 2017 Secure CGI

What can we do?

• file-system jail (non-root or already in jail)
• privilege drop (probably already privilege-dropped)
• privilege separation: separate logical components
• sandboxing: limit available resources

Many mechanisms depend upon web server configuration, which is not reliable. If running as root, application can try to jail its file-system and drop privileges. (Meditation: a web server running its scripts as root will have other issues.)