No executables in /tmp
Bryan Sant
bryan.sant at gmail.com
Mon Mar 27 16:48:27 MST 2006
On 3/27/06, Jeff Schroeder <jeff at zingstudios.net> wrote:
> Greg:
>
> > Might be wrong, but I think that would also mean you'd need to add
> > whatever user apache runs as (I think it's 'nobody' by default) to
> > that group, or you won't be able to run perl-based websites. That
> > is, if you need that.
>
> Hmm, good point. And that's the whole root of the issue, because Apache
> runs as 'nobody' and that's how the Perl scripts are saved in /tmp. If
> Perl can be run by 'nobody', I'm back to square one.

I don't get it. Does apache spawn new perl processes? I thought that
mod_perl was part of the apache process. How could someone exec a new
perl command on your machine via mod_perl? Doesn't mod_perl prevent
(or at least provide a way to secure) exec and eval calls?

> Dang. Welcome to Hackville... population me.

Ha ha ha. What a great expression ;-).

-Bryan