Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: Re: Re: -T t t t t t o o late folks

by WebHick (Scribe)
on Apr 07, 2001 at 02:24 UTC ( #70638=note: print w/replies, xml ) Need Help??


in reply to Re: Re: -T t t t t t o o late folks
in thread -T t t t t t o o late folks

Yes, taking the -T out of the #! line will allow the program to run, but unfortunately, it also doesn't taint check.

I know that sounds really arrogant, but I tested this out. I created a tiny little file that purposely causes taint to scream:
#!perl -wT use strict; my $bad_stuff = $ENV{HOME}; system($bad_stuff);

I'm probably rehashing old news, but my testing shows that taint will puke over this whether or not the -T is in the #! line as long as perl is called with -T. But if I run it in the browser without the -T in the #! line, taint doesn't make a peep. This is all while the -T is still in the registry. But I'm probably misunderstanding the situation...

Update: Due to several complaints, removed signature

Sarah

Replies are listed 'Best First'.
Re: Re: Re: Re: -T t t t t t o o late folks
by dws (Chancellor) on Apr 07, 2001 at 02:32 UTC
    I assume you've given the script a .cgi extension, and that you've located the W3SVC\Parameters\scriptmap in the registry, and have added -T to the value for the .cgi key, and that you've stopped and restarted IIS (or rebooted, for good measure).

    If all this is the case, then you should see -T puking on your script when you invoke it through the browser.

    I get "Too late for -T" when I also have -T in the #! line, but this may be Perl version-dependent behavior (I'm pretty far out of date on one box. This is probably a good excuse to upgrade.)

      Yep, after doing anything in the registry, I always reboot.

      I feel as though I'm miscommunicating. I'm not using IIS, I'm using PWS (Personal Web Server). I realize that these can be considered the same in some respects, but for all I know, that isn't the case here. The only way I've found to manipulate the Script Map is to edit the registry. You mentioned playing with this through the Internet Service Manager - I don't think I have that.

      My biggest problem with taking the -T out of the #!, is that it does not appear to be taint checking at all. The code I posted earlier should make taint tell me that it's insecure, but it simply doesn't. This is why I'm going to the trouble of uploading to my webhost to make sure my code runs cleanly in taint.

      Update: Due to several complaints, removed signature

      Sarah

        PWS for NT ships with the Internet Service Manager.

        PWS for 98 does not. You're stuck editing the registry. Not only that, but I've seen cases where if you screw up the scriptmap in the registry, you actually have to uninstall/reinstall PWS to get bogus info cleared out of the Metabase (the PWS/IIS settings cache).

        I don't know if there's a PWS for 2000. Anyone?

Re: Re: Re: Re: -T t t t t t o o late folks
by Anonymous Monk on Feb 07, 2004 at 23:49 UTC
    I solved the problem and have no experience in Perl or IIS (I guess now I have a little) All you have to do is this: Relates to IIS 5 or higher using ActivePerl 5.x for Win32 using ISAPI. Go into the properties of CGI virtual directory.. Click "Configuration" button on the Virtual Direcotry tab Click on your .pl extension and click edit Edit the line to reflect C:\perl\bin\perl.exe -T "%s" %s Apply changes.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://70638]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2022-10-02 12:35 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My preferred way to holiday/vacation is:











    Results (8 votes). Check out past polls.

    Notices?