Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re^2: How to safely define a CGI program's application base directory

by Dallaylaen (Scribe)
on Feb 11, 2013 at 13:58 UTC ( #1018146=note: print w/ replies, xml ) Need Help??


in reply to Re: How to safely define a CGI program's application base directory
in thread How to safely define a CGI program's application base directory

BTW, on a *NIX system one can put rubbish into __FILE__ via

% ln -s myscript.pl evil-char-sequence.pl
Not as simple as 'SOMEVAR=evil-char-sequence ./myscript.pl', but still possible (but an unlikely attack vector, and not available to a remote attacker).


Comment on Re^2: How to safely define a CGI program's application base directory
Re^3: How to safely define a CGI program's application base directory
by Anonymous Monk on Feb 11, 2013 at 14:00 UTC
    If attacker has access to filesystem (or %ENV) the game is already over , nothing to worry about :)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1018146]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (4)
As of 2014-08-30 12:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (293 votes), past polls