[Cascavel-pm] Strange error in Perl v5.8.6
Vinicius Alves
perl at atechs.com.br
Thu Aug 4 16:37:53 PDT 2005
Sammuel,
You have to "clean" your environment variables:
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
See http://www.perl.com/doc/manual/html/pod/perlsec.html for more information.
Regards,
Vinicius
----- Original Message -----
From: Sammuel de Souza
To: Cascavel Perl Mongers
Sent: Thursday, August 04, 2005 7:18 PM
Subject: Re: [Cascavel-pm] Strange error in Perl v5.8.6
I did as you said.
I made a smaller script to see if I can solve the problem.
I added
use diagnostics;
Code:
#!/usr/bin/perl
use diagnostics;
use CGI;
my $query = new CGI;
print $query->header;
$impr = `/bin/cat /usr/local/www/cgi-bin/aa.log`;
print "teste: $impr";
When I access it via Internet Explorer, see the httpd-error.log:
Insecure $ENV{PATH} while running setuid at
/usr/local/www/cgi-bin/sam.cgi line 11 (#1)
(F) You can't use system(), exec(), or a piped open in a setuid or
setgid script if any of $ENV{PATH}, $ENV{IFS}, $ENV{CDPATH},
$ENV{ENV}, $ENV{BASH_ENV} or $ENV{TERM} are derived from data
supplied (or potentially supplied) by the user. The script must set
the path to a known value, using trustworthy data. See perlsec.
Uncaught exception from user code:
Insecure $ENV{PATH} while running setuid at /usr/local/www/cgi-bin/sam.cgi line 11.
at /usr/local/www/cgi-bin/sam.cgi line 11
Now when I type it at the prompt, see:
# ./sam.cgi
it runs normally...
Server version: Apache/1.3.33 (Unix) PHP/5.0.4 mod_perl/1.29
What is happening???
Regards, Douglas
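
The environment cleanup from the reply applied to the script from the question, as an added example that is not part of the original thread. It assumes `-T` on the `#!` line to get the same taint checks Perl turns on by itself when running setuid; the sub names `read_with_cat` and `read_directly` are illustrative, and the header is printed by hand instead of through CGI so the script needs no extra module.

```perl
#!/usr/bin/perl -T
# Added example, not from the original thread.
use strict;
use warnings;

# Under taint checks Perl refuses to start a subprocess while these
# variables still hold values inherited from the caller, so set PATH
# to a known value and drop the rest (the two lines from the reply).
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Log path taken from the script in the question.
my $log = '/usr/local/www/cgi-bin/aa.log';

# Option 1: keep the external command, but use the list form of a piped
# open so no shell parses the command line (illustrative helper name).
sub read_with_cat {
    my ($file) = @_;
    open(my $fh, '-|', '/bin/cat', $file) or die "cannot run cat: $!";
    local $/;                       # slurp the whole output at once
    my $out = <$fh>;
    close($fh) or die "cat failed: status $?";
    return $out;
}

# Option 2: read the file in-process; no subprocess is started, so the
# PATH check never comes into play (illustrative helper name).
sub read_directly {
    my ($file) = @_;
    open(my $fh, '<', $file) or die "cannot open $file: $!";
    local $/;
    my $out = <$fh>;
    close($fh);
    return $out;
}

# Header written by hand (assumption: plain text output is acceptable).
print "Content-Type: text/plain\r\n\r\n";

if (-r $log) {
    print "teste (cat): ",  read_with_cat($log);
    print "teste (open): ", read_directly($log);
} else {
    print "teste: $log is not readable\n";
}
```

When started as `perl script.cgi` rather than executed directly, pass `-T` on the command line as well, since Perl rejects a `-T` that appears only on the `#!` line.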