Linux Users' Group of Davis (LUGOD)
Page last updated:
2002 Feb 20 14:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Need help securing a simple perl CGI



On Sun, Feb 17, 2002 at 10:26:28PM -0800, Ryan wrote:
> This is a perl cgi script I wrote to allow me to have large html files on my 
> web host without exceeding my storage quota.
> 
> I'd like it looked at, _I_ can no longer abuse it to run random commands or 
> go where I shouldn't, but that doesn't mean others can't.
> 
> Any other feedback would also be great.

This is not a direct comment on your script, but will help in such
situations. My suggestion: use perl's taint mode, which turns on a paranoid
security system within the perl interpreter. Unsafe operations (such as
opening a file whose name came from CGI input) remain possible, but must be
specifically cleared by calls to the taint mechanism, which minimizes
accidental security breaches. Highly recommended. See perlsec(1).

-- 
Henry House
The attached file is a digital signature. See <http://romana.hajhouse.org/pgp>
for information.  My OpenPGP key: <http://romana.hajhouse.org/hajhouse.asc>.
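
An illustration of the taint-mode workflow recommended above, added to this archive page; it is not Ryan's script and not code posted by anyone in the thread. The document directory, the file-name pattern and the sample inputs are assumptions made for the example.

```perl
#!/usr/bin/perl -T
# Added example, not the script from the thread. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumption: every served document sits in one fixed directory (hypothetical path).
my $DOC_ROOT = '/var/www/bigdocs';

# Taint mode also distrusts the inherited environment; pin PATH and drop the
# shell-related variables before any external command is run.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return an untainted file name, or undef when the input fails the allow-list.
# Only a regex capture clears the taint flag, so the pattern is the policy:
# a bare name, no slash, no leading dot, ending in .html.
sub untaint_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\.html)\z/ ? $1 : undef;
}

# Report what happens to one request value.
# perlsec documents that a read-only open of a tainted name is not an error
# (writes, unlink, system and exec are), so for a script that only reads
# files this pattern check is what keeps requests inside $DOC_ROOT.
sub describe {
    my ($raw) = @_;
    my $name = untaint_name($raw);
    return sprintf('%-18s rejected (input tainted: %s)',
                   $raw, tainted($raw) ? 'yes' : 'no')
        unless defined $name;
    my $path = "$DOC_ROOT/$name";
    return sprintf('%-18s accepted -> %s (path tainted: %s)',
                   $raw, $path, tainted($path) ? 'yes' : 'no');
}

# Constructed sample values standing in for a CGI "file" parameter. Appending
# an empty slice of "$0$^X" (tainted under -T) marks them tainted, as real
# request data would be.
my $taint   = substr("$0$^X", 0, 0);
my @samples = map { $_ . $taint }
    ('manual.html', '../../etc/passwd', 'index.html|id', '.htaccess');

print describe($_), "\n" for @samples;
```

Only `manual.html` passes the pattern and comes back untainted; the other three values are rejected and keep their taint flag.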
