Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Perl Security

by ddarby14 (Initiate)
on Feb 06, 2009 at 01:45 UTC ( #741767=perlquestion: print w/ replies, xml ) Need Help??
ddarby14 has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks - I'm setting up access for a Perl contractor to help out with the work load and concerned about security and what he has access to. Playing the deviant, I plugged an OPEN command to read a root-owned file in a root-owned directory elsewhere on the server and surprised to see that it didn't give me a script error - instead it printed out the file as requested.

Does it make sense that a script running with these permissions, as this apache user should be able to run an OPEN command to read a root-owned file or directory?

Our Apache 2 server has a test domain with setup as:

SuexecUserGroup        xuser xgroup

The script and it's directory both have permissions as 0755, xuser, xgroup.

I appreciate your time and insight to sort this out. Thx!

Comment on Perl Security
Download Code
Replies are listed 'Best First'.
Re: Perl Security
by jasonk (Parson) on Feb 06, 2009 at 02:17 UTC

    root-owned doesn't mean anything. If the permissions on the file allow it to be read, then it will be read.

    Also, this is an Apache question, or possibly a file permissions question, it isn't even remotely a perl question.


    www.jasonkohles.com
    We're not surrounded, we're in a target-rich environment!
Re: Perl Security
by jethro (Monsignor) on Feb 06, 2009 at 04:04 UTC

    Don't look at the permissions of the script, check the permissions of the file you tried to open. If this file has its read-permission for 'other' (i.e. everyone) set then everyone can read the file.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://741767]
Approved by planetscape
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (10)
As of 2015-07-30 10:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (271 votes), past polls