Permission problem with CGI script

Jan Henning Thorsen jhthorsen at cpan.org
Thu Jul 15 10:34:14 PDT 2010


I think autodie is nice, but not always what I want - especially since
I'm not a big fan of exceptions (another discussion though...)

But I most certainly do NOT like taint mode, since it might break some
perl modules, which require C/XS code. And I also don't want to rely
on perl fixing things for me - I would rather be cautious of my own
choices.

On Thu, Jul 15, 2010 at 6:02 PM, Andy Selby <andyfrommk at gmail.com> wrote:
>>> This might suggest that by default fedora apache is more secure? (not that
>>> I use fedora any more). Anyway, for something redhat derived for a server
>>> you should use CentOS.
>>
>> it probably is since selinux is enabled. which in my experience just causes
>> more problems than it solves or at least just gets in the way a lot.
>
> SELINUX! Damn, as soon as I read that I knew it was the culprit, same
> story with my graphics card driver,
> locate could locate the module but insmod said file not found just as
> it would stop apache writing to a directory apache has write access
> to.
>
> That got it working on the Fedora system and I solved that
> 'Inappropriate ioctl for device' message, it was line 23,
> 'print $!;'
> which for the life of me I can't think why it was there.
>
>>>[root at xyphen ~]# suexec -v
>>>suexec policy violation: see suexec log for more details
>
>>Ahh, you need a capital V "suexec -V"
>
> <strong>D'OH</strong>
>
> Jan,Tom I will certainly investigate three way open, although I
> thought taint mode was the preferred choice of stopping special
> characters being passed to the interpreter (and, thus, thwarting a
> robert'); DROP TABLES students;-- and `cat ../../../etc/passwd`)
>
> I removed the 'or die' part since I realised the lines in apache's
> error log were whatever you write between 'or die' and '$!', and I
> wondered why the error message was useless, I wrote it!
>
> Thanks for all your help guys,
>
> Andy
> _______________________________________________
> MiltonKeynes-pm mailing list
> MiltonKeynes-pm at pm.org
> http://mail.pm.org/mailman/listinfo/miltonkeynes-pm
>

