You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by James G Smith <JG...@TAMU.Edu> on 2000/11/16 19:12:16 UTC

Re: security suggestion

Adam Prime <ap...@brunico.com> wrote:
>The servers that had apache on them for users when i was at school didn't
>even allow normal cgi, so i have no idea how one would approach doing
>something like this with mod_perl.

Even more convoluted is when a user can ExecCGI, but only via suexec.  
mod_perl would get around the suexec protections.  Especially on student web 
servers where there are (potentially) 60,000 people wanting to put up web 
pages with CGI.  Thankfully, not all the users want to do this.  But the issue 
is still there.  If someone has mod_perl access, they have access to 
everything the server can access.
-- 
James Smith <JG...@TAMU.Edu>, 979-862-3725
Texas A&M CIS Operating Systems Group, Unix