Third party extensions
Challenger handles three types of third-party extensions,
Challenger modules, CGI-scripts and Java
servlets. With any extension you install on your web server you
must take the security issues into account. You must trust the
programmer of the extension to have written it with security in
mind. The main problem is how user input is handled, what will happen
if the extension gets a megabyte of machine code instead of the line
of text it expected.
Challenger modules are the preferred way of extending Roxen
Challenger. Modules become part of Challenger and their functionality
can be used by other modules. In effect, modules have to do less and
provide more. A module does not have to do as much, which means that
it will be shorter and the risk of bugs will be reduced.
Challenger takes care of a lot of potential security issues by
itself. For example, it is impossible to make a buffer overrun bug
that enables an attacker to execute machine code. But, this does not
mean that the programmer of a Challenger module can ignore security
considerations. A Challenger module will always be run with the same
permission as the Challenger server and any security hazard in the
module will affect the whole server. Therefore, we recommend you only
run modules distributed by reputable web sites.
Most third-party extensions for web servers are available as
CGI-scripts, because they will work on all web servers. In Challenger,
the CGI executable support module handles
When writing CGI-scripts, the programmer has to take care of all
security issues herself. This is currently not a skill all programmers
possess, it has only been an issue for a little while. Therefore,
CGI-scripts are a major cause of security hazards today.
Challenger has the option of running CGI-scripts as a low privilege
user. Use this to make sure that the CGI-script can cause as little
damage as possible. Only download CGI-scripts from web sites that show
that they treat security issues seriously.
Java servlets are extensions that share many of the good properties of
Challenger modules. They are run within the web server, and therefore
uses less resources CGI scripts. They are implemented using a
interpreted object-oriented language, thereby making it harder to make
mistakes that affect the security of the server.