Permission problem with CGI script
Jan Henning Thorsen
jhthorsen at cpan.org
Thu Jul 15 10:34:14 PDT 2010
I think autodie is nice, but not always what I want - especially since
I'm not a big fan of exceptions (another discussion though...)
But I most certainly do NOT like tait mode, since it might break some
perl modules, which require C/XS code. And I also don't want to rely
on perl fixing things for me - I would rather be causious of my own
On Thu, Jul 15, 2010 at 6:02 PM, Andy Selby <andyfrommk at gmail.com> wrote:
>>> This might suggest that by default fedora apache is more secure? (not that
>>> I use fedora any more). Anyway, for something redhat derived for a server
>>> you should use CentOS.
>> it probably is since selinux is enabled. which in my experinence just casues
>> more problems than it solves or at least just gets in the way a lot.
> SELINUX! Damn, as soon as I read that I knew it was the culprit, same
> story with my graphics card driver,
> locate could locate the module but insmod said file not found just as
> it would stop apache writing to a directory apache has write access
> That got it working on the Fedora system and I solved that
> 'Inappropriate ioctl for device' message, it was line 23,
> 'print $!;'
> which for the life of me I can't think why it was there.
>>>[root at xyphen ~]# suexec -v
>>>suexec policy violation: see suexec log for more details
>>Ahh, you need a capital V "suexec -V"
> Jan,Tom I will certainly investigate three way open, although I
> thought taint mode was the preferred choice of stopping special
> characters being passed to the interpretor (and, thus, thwarting a
> robert'); DROP TABLES students;-- and `cat ../../../etc/passwd`)
> I removed the 'or die' part since I realised the lines in apache's
> error log was whatever you write between 'or die' and '$!', and I
> wondered why the error message was useless, I wrote it!
> Thanks for all your help guys,
> MiltonKeynes-pm mailing list
> MiltonKeynes-pm at pm.org
More information about the MiltonKeynes-pm