<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2668" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Fiz como vc falou</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>fiz um script menor para ver se resolvo o
problema.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>coloquei </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>use diagnostics;</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Codigo</FONT></DIV>
<DIV><FONT face=Arial size=2><STRONG>#!/usr/bin/perl</STRONG></FONT></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><FONT face=Arial size=2><STRONG>use diagnostics;</STRONG></FONT></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><FONT face=Arial size=2><STRONG>use CGI;</STRONG></FONT></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><FONT face=Arial size=2><STRONG>my $query = new CGI;</STRONG></FONT></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><FONT face=Arial size=2><STRONG>print
$query->header;</STRONG></FONT></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><FONT face=Arial size=2><STRONG>$impr = `/bin/cat
/usr/local/www/cgi-bin/aa.log`;</STRONG></FONT></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><FONT face=Arial size=2><STRONG>print "teste:
$impr";<BR></STRONG></FONT></DIV>
<DIV><FONT face=Arial size=2><STRONG></STRONG></FONT> </DIV>
<DIV><FONT face=Arial size=2>quando acesso via Internet explorer veja o
httpd-error.log</DIV></FONT>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Insecure $ENV{PATH} while running setuid
at<BR> /usr/local/www/cgi-bin/sam.cgi
line 11 (#1)<BR> (F) You can't use system(), exec(), or a
piped open in a setuid or<BR> setgid script if any of
$ENV{PATH}, $ENV{IFS}, $ENV{CDPATH},<BR> $ENV{ENV},
$ENV{BASH_ENV} or $ENV{TERM} are derived from data<BR>
supplied (or potentially supplied) by the user. The script must
set<BR> the path to a known value, using trustworthy
data. See perlsec.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Uncaught exception from user
code:<BR> Insecure $ENV{PATH} while
running setuid at /usr/local/www/cgi-bin/sam.cgi line 11.<BR> at
/usr/local/www/cgi-bin/sam.cgi line 11<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>Agora qnd digit via prompt veja</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial><FONT size=2># ./sam.cgi</FONT></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>ele executa normal...</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Server version: Apache/1.3.33 (Unix) PHP/5.0.4
mod_perl/1.29</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>o que esta acontecendo???</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>[]'s Douglas</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial><FONT size=2></FONT></FONT> </DIV>
<DIV><FONT face=Arial><FONT size=2></FONT><FONT
size=2></FONT> </DIV></FONT></BODY></HTML>