RE: Perl Problems
> Don Armstrong wrote:
> On Tue, 15 Mar 2005, Jefferson Cowart wrote:
> > (PowerPC Box)# ./selfscan.cgi
> > Insecure $ENV{PATH} while running with -T switch at ../../lib/POSIX.pm
> > (autosplit into ../../lib/auto/POSIX/getcwd.al) line 667.
>
> It would be nice to see the selfscan.cgi script as well, but even
> without that, the problem is most likely because you're using
> something that depends on $ENV{PATH} without first sanitizing
> $ENV{PATH}.
Aside from usernames/passwords the script is identical to the one at
https://svn.cs.pomona.edu/its/WebSites/netreg.pomona.edu/cgi-bin/selfscan.cgi.tmpl.
> Most likely only one of the scripts is running with -T, or
> setuid|setgid. [Unless there really is a difference in getcwd.al
> between ppc and x86... I haven't seen it myself, though.]
They both specify the -T option on the first line of the script (I copied
the file from one server to the other so I'm sure they are the same.)
(PowerPC)# head selfscan.cgi -n5
#!/usr/bin/perl -Tw
#########################################################################
#
# This script is designed to allow users to determine the security
(x86)# head selfscan.cgi -n5
#!/usr/bin/perl -Tw
#########################################################################
#
# This script is designed to allow users to determine the security
>
>
> Don Armstrong
>
> --
> You could say she lived on the edge... Well, maybe not exactly on the edge,
> just close enough to watch other people fall off.
> -- hugh macleod http://www.gapingvoid.com/batch8.htm
>
> http://www.donarmstrong.com http://rzlab.ucr.edu
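The sanitizing step mentioned in the quoted reply, shown as an added example that is not part of this thread or of selfscan.cgi: a taint-mode script that tries to run an external command with the inherited PATH, with a PATH that still contains inherited data, and with a literal PATH. The helper name try_pwd and the directories /usr/bin:/bin are assumptions, and the script assumes PATH is set in the calling environment.

```perl
#!/usr/bin/perl -T
# Added example (not from selfscan.cgi): why taint mode rejects an inherited
# PATH and how to sanitize the environment before running external commands.
use strict;
use warnings;

# Run `pwd` via backticks and report whether taint mode allowed it.
# try_pwd is a hypothetical helper name used only for this illustration.
sub try_pwd {
    my ($label) = @_;
    my $out = eval { `pwd` };          # dies if the environment is tainted
    if ($@) {
        (my $err = $@) =~ s/ at .*//s; # drop the file/line suffix
        print "$label: refused ($err)\n";
        return 0;
    }
    chomp $out;
    print "$label: allowed ($out)\n";
    return 1;
}

# 1. PATH as inherited from the caller (web server, shell) is tainted.
try_pwd('inherited PATH');

# 2. Prepending a safe directory does not help: the result still contains
#    tainted data, so the whole value stays tainted.
{
    local $ENV{PATH} = "/usr/bin:$ENV{PATH}";
    try_pwd('prepended PATH');
}

# 3. Assign a literal PATH (absolute directories only) and remove the
#    other variables that influence how a shell runs commands.
$ENV{PATH} = '/usr/bin:/bin';          # assumed location of pwd
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
try_pwd('sanitized PATH');
```

Run it as `perl -T example.pl` or as an executable file; Perl refuses to start when -T appears only on the #! line and the script is invoked as `perl example.pl`.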