Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re^2: How to safely define a CGI program's application base directory

by Dallaylaen (Friar)
on Feb 11, 2013 at 13:58 UTC ( #1018146=note: print w/replies, xml ) Need Help??


in reply to Re: How to safely define a CGI program's application base directory
in thread How to safely define a CGI program's application base directory

BTW, on a *NIX system one can put rubbish into __FILE__ via

% ln -s myscript.pl evil-char-sequence.pl
Not as simple as 'SOMEVAR=evil-char-sequence ./myscript.pl', but still possible (but an unlikely attack vector, and not available to a remote attacker).
  • Comment on Re^2: How to safely define a CGI program's application base directory

Replies are listed 'Best First'.
Re^3: How to safely define a CGI program's application base directory
by Anonymous Monk on Feb 11, 2013 at 14:00 UTC
    If attacker has access to filesystem (or %ENV) the game is already over , nothing to worry about :)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1018146]
help
Chatterbox?
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (5)
As of 2017-07-28 19:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I came, I saw, I ...
























    Results (433 votes). Check out past polls.