[cobalt-users] Perl security
- Subject: [cobalt-users] Perl security
- From: Marco Baurdoux <linux@xxxxxxxxxxxxx>
- Date: Tue Sep 25 17:08:05 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi there,
How many Perl binaries are available on a RaQ3, and what is done to make
Perl safe to use?
The admin server needs to run as root in order to be able to access all the
sites, but is there another Perl on the machine for use by the customers?
Because at this point in time one site can read all the content of another
site's files.
This is the script I used to test this.
#!/usr/bin/perl
use strict;
use warnings;
use Cwd;

# Target another site's document root (hard-coded for the test;
# it could also be taken from $ARGV[0]).
#my $dir = $ARGV[0];
my $dir = "/home/sites/home/web";

print "Content-type: text/html\n\n";
print "dir => $dir\n";

# Try to list the other site's directory.
opendir(my $dh, $dir) or die "opendir $dir: $!\n";
my @dirlist = readdir $dh;
closedir $dh;
print "READ @dirlist\n";
print "$_<br>\n" for @dirlist;

# Try to remove a directory belonging to the other site.
rmdir("/home/sites/home/web/tmp") or print "rmdir failed: $!<br>\n";

# Try to read one of the other site's files.
open(my $fh, '<', "/home/sites/home/web/test.php") or die "open: $!\n";
print <$fh>;
close $fh;
I ran it as a normal site administrator, and although I wasn't able to
delete the directory I specified, I could still read the file I specified.
This kind of scares me, because in that case I could use a system call to
send out the following command
find /home/sites -name '*.php*' >> phpfiles.txt
and then make a script that will perform a
more file_name | grep mysql_connect
in order to fetch the MySQL password.
Scary, scary thought.
Isn't there something like an open_basedir restriction like there is for PHP,
or could I have the sources of the cgi-wrapper program?
============================================
Marco Baurdoux
Unix Administrator
Infomaniak Network SA
Avenue de la Praille 26
1227 Carouge
Switzerland
Tel: +41 (0)22 820 35 41
Fax: +41 (0)22 820 35 46
http://web.infomaniak.ch
Linux/Unix is very user friendly,
it's just very picky about who its friends are !!!
=======================================================================
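The post asks for an open_basedir-style restriction for Perl. Perl has no built-in equivalent, but a script can enforce one itself by resolving every path (symlinks included) before opening it and refusing anything that does not land inside the allowed base. The script below is an added example, not code from the original post and not Cobalt's cgi-wrapper; the site names, file names and the temporary directory tree it builds are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example: an open_basedir-style check for Perl scripts.
# Not from the original post or from Cobalt's cgi-wrapper. The base
# directory and files below are assumptions, created in a temp dir so
# the script runs anywhere.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(dirname);
use File::Spec;
use File::Temp qw(tempdir);

# Resolve $path (following symlinks) and return the resolved path only if
# it lies inside $base; otherwise return undef. When the target does not
# exist yet, its parent directory is resolved instead, so files can also
# be created safely.
sub path_within_base {
    my ($base, $path) = @_;
    my $real_base = abs_path($base) or return undef;
    my $real;
    if (-e $path) {
        $real = abs_path($path);
    } else {
        my $parent = abs_path(dirname($path)) or return undef;
        $real = File::Spec->catfile($parent, (File::Spec->splitpath($path))[2]);
    }
    return undef unless defined $real;
    # Compare with a trailing slash so /home/sites/site1x does not pass
    # for /home/sites/site1.
    return ($real eq $real_base || index($real, "$real_base/") == 0) ? $real : undef;
}

# open() replacement that refuses anything outside the base directory.
sub open_within_base {
    my ($base, $path, $mode) = @_;
    $mode = '<' unless defined $mode;
    my $real = path_within_base($base, $path)
        or die "refusing to open '$path': outside base directory $base\n";
    open(my $fh, $mode, $real) or die "open $real: $!\n";
    return $fh;
}

# Demonstration in a throw-away tree (constructed): site1/ and site2/,
# plus a symlink inside site1 pointing at site2's file, which is the
# classic way to slip past a naive string-prefix check.
my $root = tempdir(CLEANUP => 1);
mkdir "$root/site1" or die "mkdir: $!";
mkdir "$root/site2" or die "mkdir: $!";
open(my $w, '>', "$root/site2/config.php") or die "open: $!";
print $w "<?php mysql_connect('localhost', 'user', 'secret'); ?>\n";
close $w;
symlink("$root/site2/config.php", "$root/site1/escape") or die "symlink: $!";

my $base = "$root/site1";
for my $try ("$base/index.html",           # inside base, does not exist yet
             "$base/../site2/config.php",   # dot-dot escape
             "$base/escape",                # symlink escape
             "$root/site2/config.php") {    # absolute path elsewhere
    my $ok = path_within_base($base, $try);
    printf "%-45s -> %s\n", $try, defined $ok ? "allowed ($ok)" : "DENIED";
}

# Writing inside the base works; following the symlink out of it dies.
my $fh = open_within_base($base, "$base/index.html", '>');
print $fh "hello\n";
close $fh;
eval { open_within_base($base, "$base/escape") };
print "open_within_base: $@" if $@;
```

Note what this does and does not buy you. It stops a well-behaved script from being tricked into reading another site's files through a crafted path, and it resolves symlinks before the prefix comparison, which a plain string check would miss. It does nothing against the scenario in the post, where the site administrator writes the script: a check that lives in the script is trivially left out. Isolation between sites has to come from the operating system, by running each site's CGI under that site's own uid (a setuid wrapper such as suEXEC or cgiwrap does this) and by making one site's files unreadable to the others' uids, so that the `find` and `grep` in the post fail with permission denied rather than returning passwords.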