Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Perl Security

by ddarby14 (Initiate)
on Feb 06, 2009 at 01:45 UTC ( #741767=perlquestion: print w/replies, xml ) Need Help??
ddarby14 has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks - I'm setting up access for a Perl contractor to help out with the work load and concerned about security and what he has access to. Playing the deviant, I plugged an OPEN command to read a root-owned file in a root-owned directory elsewhere on the server and surprised to see that it didn't give me a script error - instead it printed out the file as requested.

Does it make sense that a script running with these permissions, as this apache user should be able to run an OPEN command to read a root-owned file or directory?

Our Apache 2 server has a test domain with setup as:

SuexecUserGroup        xuser xgroup

The script and it's directory both have permissions as 0755, xuser, xgroup.

I appreciate your time and insight to sort this out. Thx!

Replies are listed 'Best First'.
Re: Perl Security
by jasonk (Parson) on Feb 06, 2009 at 02:17 UTC

    root-owned doesn't mean anything. If the permissions on the file allow it to be read, then it will be read.

    Also, this is an Apache question, or possibly a file permissions question, it isn't even remotely a perl question.
    We're not surrounded, we're in a target-rich environment!
Re: Perl Security
by jethro (Monsignor) on Feb 06, 2009 at 04:04 UTC

    Don't look at the permissions of the script, check the permissions of the file you tried to open. If this file has its read-permission for 'other' (i.e. everyone) set then everyone can read the file.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://741767]
Approved by planetscape
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (4)
As of 2017-04-30 10:22 GMT
Find Nodes?
    Voting Booth?
    I'm a fool:

    Results (535 votes). Check out past polls.