
Re: How to answer "Perl is not secure" objections?

by lyklev (Pilgrim)
on Sep 06, 2007 at 21:47 UTC (#637544)


in reply to How to answer "Perl is not secure" objections?

There is some truth in the manager^3's fear: if you are running Perl through mod_perl on apache without any security in mind, the application runs with the privileges of the web server. If that is root, you have a problem.

As far as I remember though, Red Hat locked apache down by changing to some "nobody/nogroup" user after starting. If it is RH Enterprise 4 or later, SELinux might be used to further lock down the server. To such an extent that it might be a pain to get mod_perl running at all.

The bottom line is that mod_perl can be a security hole if the system has bad administration. With good administration (chroot, changing user/group after startup), mod_perl can be perfectly secure. It can never bypass OS security, but it can use the permissions it was granted.


Re^2: How to answer "Perl is not secure" objections?
by chargrill (Parson) on Sep 06, 2007 at 22:54 UTC

    the application runs with the privileges of the web server. If that is root, you have a problem.

    No, you have two problems - the first of which is solved by firing your system administrator.

    Red Hat locked apache down by changing to some "nobody/nogroup"

    No, apache has done that from (very nearly if not) the start. Various distributions will change the username and/or group, but the net effect is that apache needs to be launched as root to bind to a privileged port (< 1024) and then drops privileges to as unprivileged a user as possible.


    --chargrill
    s**lil*; $*=join'',sort split q**; s;.*;grr; &&s+(.(.)).+$2$1+; $; = qq-$_-;s,.*,ahc,;$,.=chop for split q,,,reverse;print for($,,$;,$*,$/)
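
The start-as-root, bind, then drop sequence discussed in the two posts above, as an added Perl example that is not code from either poster or from Apache. The account name `nobody`, port 80 and the helper name `drop_privileges` are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example: bind a privileged port as root, then permanently drop to an
# unprivileged account before any request is handled.
use strict;
use warnings;
use IO::Socket::INET;
use POSIX qw(setuid setgid getuid geteuid getgid getegid);

my $RUN_AS = 'nobody';   # assumption: unprivileged account to run as
my $PORT   = 80;         # assumption: privileged port (< 1024)

# Hypothetical helper: irreversibly switch the process to $user.
sub drop_privileges {
    my ($user) = @_;
    my (undef, undef, $uid, $gid) = getpwnam($user)
        or die "unknown user '$user'\n";
    die "refusing to run as uid 0\n" if $uid == 0;

    # Order matters: groups first, while we still have the right to change them.
    $) = "$gid $gid";    # set effective gid and reset supplementary groups
    setgid($gid) or die "setgid($gid) failed: $!\n";
    setuid($uid) or die "setuid($uid) failed: $!\n";   # as root: real, effective, saved

    # Verify the drop instead of assuming it worked.
    die "uid not dropped\n" unless getuid() == $uid && geteuid() == $uid;
    die "gid not dropped\n" unless getgid() == $gid && getegid() == $gid;
    die "supplementary groups remain\n"
        if grep { $_ != $gid } split ' ', $);
    die "root can be regained\n" if setuid(0);   # must fail after a full drop
    return 1;
}

die "start as root so port $PORT can be bound\n" unless geteuid() == 0;

# Step 1 (needs root): bind the privileged port.
my $listener = IO::Socket::INET->new(
    LocalPort => $PORT,
    Proto     => 'tcp',
    Listen    => 5,
    ReuseAddr => 1,
) or die "cannot bind port $PORT: $@\n";

# Step 2: give up root before touching any client data.
drop_privileges($RUN_AS);
printf "listening on port %d as uid=%d gid=%d\n", $PORT, getuid(), getgid();
```

The already-bound socket stays usable after the drop, which is why the bind has to happen first.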
