No executables in /tmp

Bryan Sant bryan.sant at gmail.com
Mon Mar 27 16:48:27 MST 2006


On 3/27/06, Jeff Schroeder <jeff at zingstudios.net> wrote:
> Greg:
>
> > Might be wrong, but I think that would also mean you'd need to add
> > whatever user apache runs as (I think it's 'nobody' by default) to
> > that group, or you won't be able to run perl-based websites. That
> > is, if you need that.
>
> Hmm, good point.  And that's the whole root of the issue, because Apache
> runs as 'nobody' and that's how the Perl scripts are saved in /tmp.  If
> Perl can be run by 'nobody', I'm back to square one.

I don't get it.  Does apache spawn new perl processes?  I thought that
mod_perl was part of the apache process.  How could someone exec a new
perl command on your machine via mod_perl?  Doesn't mod_perl prevent
(or at least provide a way to secure) exec and eval calls?

> Dang.  Welcome to Hackville... population me.

Ha ha ha.  What a great expression ;-).

-Bryan



More information about the PLUG mailing list