Linux Users' Group of Davis
Page last updated:
2002 Feb 20 14:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.


Re: [vox-tech] Need help securing a simple perl CGI

On Sun, Feb 17, 2002 at 10:26:28PM -0800, Ryan wrote:
> This is a perl cgi script I wrote to allow me to have large html files on my 
> web host without exceeding my storage quota.
> I'd like it looked at, _I_ can no longer abuse it to run random commands or 
> go where I shouldn't, but that doesn't mean others can't.
> Any other feedback would also be great.

This is not a direct comment on your script, but will help in such
situations. My suggestion: use perl's taint mode, which turns on a paranoid
security system within the perl interpreter. Unsafe operations (such as
opening a file whose name came from CGI input) remain possible, but must be
specifically cleared by calls to the taint mechanism, which minimizes
accidental security breaches. Highly recommended. See perlsec(1).

Henry House
The attached file is a digital signature. See <http://romana.hajhouse.org/pgp>
for information.  My OpenPGP key: <http://romana.hajhouse.org/hajhouse.asc>.
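
A short sketch of the taint-mode workflow recommended above, as an added example that is not from the original post or from Ryan's script. The directory `/var/www/bigfiles`, the helper `untaint_filename`, and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example: taint mode plus an explicit untaint step for a CGI file name.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run external commands while PATH is untrusted.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $DOC_ROOT = '/var/www/bigfiles';   # assumed directory, not from the post

# Return an untainted file name, or undef if the input fails the allow-list.
sub untaint_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Only a regex capture clears taint. Allow plain names such as
    # "notes.html": no slashes and no leading dot, so no "../" traversal.
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Constructed sample inputs. Appending a zero-length slice of $^X (tainted
# under -T) marks them tainted, as real CGI parameters would be.
my $taint = substr($^X, 0, 0);
for my $sample ('notes.html', '../../etc/passwd', 'a.html;id') {
    my $input = $sample . $taint;
    printf "%-18s tainted=%d ", $input, tainted($input) ? 1 : 0;

    # Taint checks trap operations that modify files or run commands; a
    # read-only open is not trapped (see perlsec), so the allow-list above
    # is what confines reads. An append-open is used here to show the trap:
    # it dies with "Insecure dependency" before touching the file system.
    my $ok = eval { open(my $fh, '>>', "/nonexistent/$input"); 1 };
    print "raw-write-blocked=", ($ok ? 0 : 1), " ";

    my $name = untaint_filename($input);
    if (defined $name) {
        print "accepted -> $DOC_ROOT/$name (tainted=",
              (tainted($name) ? 1 : 0), ")\n";
    } else {
        print "rejected\n";
    }
}
```

Run it as `perl -T script.pl` or as an executable file; starting it with plain `perl script.pl` aborts because `-T` on the `#!` line arrives too late.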

