PerlMonks  

Re^2: How to safely define a CGI program's application base directory

by Dallaylaen (Monk)
on Feb 11, 2013 at 13:58 UTC ( #1018146=note )


in reply to Re: How to safely define a CGI program's application base directory
in thread How to safely define a CGI program's application base directory

BTW, on a *NIX system one can put rubbish into __FILE__ via

% ln -s myscript.pl evil-char-sequence.pl
Not as simple as 'SOMEVAR=evil-char-sequence ./myscript.pl', but still possible (but an unlikely attack vector, and not available to a remote attacker).


Re^3: How to safely define a CGI program's application base directory
by Anonymous Monk on Feb 11, 2013 at 14:00 UTC
    If an attacker has access to the filesystem (or %ENV), the game is already over, nothing to worry about :)
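
An added example, not part of the original thread: one way to keep a symlink's name out of the base directory is to resolve `__FILE__` to its real path and allow-list the result before using it. The helper name `app_base_dir`, the allow-list pattern and the demo file names are assumptions, and the approach assumes the application is not meant to be located through the symlink's own directory.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(dirname);
use File::Temp qw(tempdir);

# Hypothetical helper (not from the thread): derive the base directory from
# a script path such as __FILE__, which may be a symlink with any name.
sub app_base_dir {
    my ($script_path) = @_;

    # Resolve symlinks first, so the link's name is replaced by the real
    # location of the script.
    my $real = abs_path($script_path);
    die "cannot resolve script path\n" unless defined $real;

    # Allow-list the resolved directory. The pattern is an assumption about
    # the deployment layout; the capture also untaints the value under -T.
    dirname($real) =~ m{\A((?:/[A-Za-z0-9_][A-Za-z0-9_.-]*)+)\z}
        or die "unexpected characters in base directory\n";
    return $1;
}

# Constructed demo: a script reached through an oddly named symlink, and a
# copy living in a directory whose real name fails the allow-list.
my $tmp = abs_path(tempdir(CLEANUP => 1));
mkdir "$tmp/app" or die "mkdir: $!";
mkdir "$tmp/bad dir;x" or die "mkdir: $!";
for my $file ("$tmp/app/myscript.pl", "$tmp/bad dir;x/myscript.pl") {
    open my $fh, '>', $file or die "open: $!";
    print {$fh} "1;\n";
    close $fh;
}
my $link = "$tmp/app/evil;\$(char) sequence.pl";
symlink 'myscript.pl', $link or die "symlink: $!";

print "via symlink: ", app_base_dir($link), "\n";
my $ok = eval { app_base_dir("$tmp/bad dir;x/myscript.pl"); 1 };
print "bad real dir: ", ($ok ? "accepted\n" : "rejected: $@");
```

In a real script the call would be `app_base_dir(__FILE__)`; the demo passes constructed paths so that both outcomes are visible in one run.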
