Re^2: How to safely define a CGI program's application base directory


Perl: the Markov chain saw
	PerlMonks

Re^2: How to safely define a CGI program's application base directory

by Dallaylaen (Beadle)

on Feb 11, 2013 at 13:58 UTC ( #1018146=note: print w/ replies, xml )

Need Help??

in reply to Re: How to safely define a CGI program's application base directory
in thread How to safely define a CGI program's application base directory

BTW, on a *NIX system one can put rubbish into __FILE__ via

% ln -s myscript.pl evil-char-sequence.pl

Not as simple as 'SOMEVAR=evil-char-sequence ./myscript.pl', but still possible (but an unlikely attack vector, and not available to a remote attacker).

Comment on Re^2: How to safely define a CGI program's application base directory
Re^3: How to safely define a CGI program's application base directory by Anonymous Monk on Feb 11, 2013 at 14:00 UTC
If attacker has access to filesystem (or %ENV) the game is already over , nothing to worry about :)	[reply]

In Section Seekers of Perl Wisdom

Node Status^?

node history
Node Type: note [id://1018146]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others browsing the Monastery: (5)

As of 2013-05-19 05:47 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

The best material for plates (tableware) is:

Results (397 votes), past polls