Perl Security
by ddarby14 (Initiate) on Feb 06, 2009 at 01:45 UTC
ddarby14 has asked for the wisdom of the Perl Monks concerning the following question:
Hi Monks - I'm setting up access for a Perl contractor to help out with the workload and am concerned about security and what he has access to. Playing the deviant, I plugged in an OPEN command to read a root-owned file in a root-owned directory elsewhere on the server and was surprised to see that it didn't give me a script error - instead it printed out the file as requested.
Does it make sense that a script running with these permissions, as this Apache user, should be able to run an OPEN command to read a root-owned file or directory?
Our Apache 2 server has a test domain set up as:
SuexecUserGroup xuser xgroup
The script and its directory both have permissions as 0755, xuser, xgroup.
I appreciate your time and insight to sort this out. Thx!
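A diagnostic for the situation in the question, added here as an example and not part of the original post: root ownership alone does not block a read, because for a non-owner outside the file's group the "other" mode bits decide. The script below assumes plain Unix mode bits (no ACLs, SELinux or chroot), and its sub names are illustrative.

```perl
#!/usr/bin/perl
# Added example: report which permission class lets the current user read a file.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(dirname);

# Pick the class (owner/group/other) that applies to $uid/@gids for $path and
# test one bit in it: 4 = read (files), 1 = search (directories).
sub class_grants {
    my ($path, $bit, $uid, @gids) = @_;
    my @st = stat($path) or return ('missing', 0);
    my ($mode, $fuid, $fgid) = @st[2, 4, 5];
    return ('root',  1) if $uid == 0;    # root bypasses mode bits
    return ('owner', ($mode >> 6) & $bit ? 1 : 0) if $uid == $fuid;
    return ('group', ($mode >> 3) & $bit ? 1 : 0) if grep { $_ == $fgid } @gids;
    return ('other', $mode & $bit ? 1 : 0);
}

# Every ancestor directory needs the search bit; the file needs the read bit.
sub explain_read {
    my ($file, $uid, @gids) = @_;
    my $path = abs_path($file) // $file;
    my @chain;
    for (my $d = dirname($path); ; $d = dirname($d)) {
        unshift @chain, $d;
        last if $d eq dirname($d);       # reached "/" (or "." for a relative path)
    }
    my ($ok, @report) = (1);
    for my $step ((map { [$_, 1, 'search'] } @chain), [$path, 4, 'read']) {
        my ($p, $bit, $what) = @$step;
        my ($class, $granted) = class_grants($p, $bit, $uid, @gids);
        push @report, sprintf('%-5s %-6s via %-7s %s',
            $granted ? 'allow' : 'DENY', $what, $class, $p);
        $ok &&= $granted;
    }
    return ($ok, @report);
}

my $target = shift @ARGV or die "usage: $0 /path/to/file\n";
my @gids = split ' ', $);                # effective gid, then supplementary gids
my ($readable, @lines) = explain_read($target, $>, @gids);
print "$_\n" for @lines;
printf "RESULT: %s by uid %d\n", $readable ? 'readable' : 'not readable', $>;
```

Run it as the account the CGI runs under (xuser here) so that `$>` and `$)` reflect the suexec identity rather than your login shell.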