Permission problem with CGI script

Jan Henning Thorsen jhthorsen at cpan.org
Thu Jul 15 01:45:46 PDT 2010


Just as a side note: I would suggest using three-way open, especially
when working with web-apps:

 open my $FH, $mode, $file or die "Could not $mode $file: $!";

^ the main point is that $mode is the second argument and not part of
the $file. It's simply more secure, since you cannot pass in special
characters to do funky stuff... also, using a -X test on the file
before appending to it can be smart to avoid users from passing in \0
characters, which open() will...uhm...I cannot remember, but there is (at
least used to be) some weird security flaw by passing \0 to open in
the $file parameter.

Second: Suexec? I mostly like to think that all my web-users are
virtual and all the backend data is owned by www-user (or whatever). I
don't like changing user inside my apache process, since it includes
another potential security hole... But that's just my opinion.

Regards,
 Jan Henning

On Thu, Jul 15, 2010 at 2:02 AM, Lyle <webmaster at cosmicperl.com> wrote:
> On 14/07/2010 21:59, Lyle wrote:
>>
>> On 14/07/2010 20:34, Andy Selby wrote:
>>>
>>> [root at xyphen ~]# suexec -v
>>> suexec policy violation: see suexec log for more details
>>
>> That's a new one to me :/
>
> Ahh, you need a capital V "suexec -V"
>
>
> Lyle
>
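
The difference between two-argument and three-argument open described in the message above, as an added example that is not part of the original message. The guestbook file name, the "user input" string and the safe_append helper are hypothetical, and everything runs inside a constructed temporary directory.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed sandbox: every file lives in a temp dir removed on exit.
my $dir  = tempdir(CLEANUP => 1);
my $book = "$dir/guestbook.txt";

sub write_file {
    my ($name, $text) = @_;
    open my $fh, '>', $name or die "Could not > $name: $!";
    print {$fh} $text;
    close $fh or die "Could not close $name: $!";
}
sub size { return (stat $_[0])[7] }

# Constructed "user input": the leading '>' is supposed to be part of the name.
my $file = ">$book";

# Two-arg open parses the mode out of $file, so this intended read
# truncates the guestbook instead of failing.
write_file($book, "existing entries\n");
open my $in, $file or die "Could not open $file: $!";
close $in;
printf "2-arg open: guestbook is now %d bytes\n", size($book);

# Three-arg open treats $file as a literal name, and no such file exists.
write_file($book, "existing entries\n");
if (open my $fh, '<', $file) { close $fh; print "3-arg open: unexpected success\n" }
else { printf "3-arg open: refused (%s), %d bytes intact\n", $!, size($book) }

# Hypothetical helper combining the message's advice: reject NUL bytes,
# use a -f test to require an existing plain file, then append with 3-arg open.
sub safe_append {
    my ($name, $line) = @_;
    return 'rejected: NUL byte in name' if $name =~ /\0/;
    return 'rejected: not a plain file' unless -f $name;
    open my $fh, '>>', $name or return "open failed: $!";
    print {$fh} $line;
    close $fh or return "close failed: $!";
    return 'appended';
}

my @cases = (['plain name', $book], ['NUL in name', "$book\0.cgi"], ['mode prefix', $file]);
printf "%-12s %s\n", $_->[0], safe_append($_->[1], "new entry\n") for @cases;
```
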

