[VPM] alternative to perl's Open?

Carl B. Constantine cconstan at csc.uvic.ca
Tue Sep 7 11:30:31 CDT 2004

*On Tue Sep 07, 2004 at 09:24:55AM -0700, abez (abez at abez.ca) wrote:
> >From CGI.pm 
> 	  my $query = CGI->new;
> 	  $filename = $query->param('uploaded_file');
> 	  while(<$filename>) { print; }
> The file is saved to a tmp dir and then opened. $filename is the file
> handle. It doesn't matter what the user named their file.
> If you are running perl code that other people supply you really can't
> stop much. For instance they could have just forked a telnet daemon.
> I'd suggest running the perl scripts under a user who didn't have
> privileges to anything. 

They did just that. It was a user CGI (we use suExec) and they used a
pipe command to wget to get their stuff and run a daemon program
backdoor for entry into the box.

It was quite nasty.

> chroot can also help you. 
> So make a little mini installation of perl. When you run a script chroot
> to the sandbox and setuid to something very weak.

Not sure that's doable in this situation, but I'll look into it.

Carl B. Constantine         University of Victoria
Programmer Analyst          http://www.csc.uvic.ca
UNIX System Administrator   Victoria, BC, Canada
cconstan at csc.uvic.ca        ELW B206, 721-8766

More information about the Victoria-pm mailing list