Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: Truly Isolated Perl

by mr_mischief (Monsignor)
on Sep 19, 2018 at 19:30 UTC ( [id://1222671]=note: print w/replies, xml ) Need Help??


in reply to Truly Isolated Perl

There are ways to lock down subdirectories from being served by a web server. Even so, putting the executable for a general-purpose programming language within your document root seems like a terrible idea. Since you're not talking about a PSGI server as part of this scenario and talking about needing to put things in a particular directory, it seems you're likely using CGI.

Imagine you have CGI enabled within your web root. Now imagine for some reason the subdirectory containing perl within that web root becomes web accessible. The HTTP verb POST sends the request body from the client to the web server, which then runs the executable mapped at the requested URI. The request body is then passed in its entirety to that executable's STDIN. Eve fuzzes and futzes and finds your perl executable. She then POSTs arbitrary code, which then runs. Suddenly your system is a command and control system for a botnet or something even worse.

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1222671]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others browsing the Monastery: (3)
As of 2024-04-20 01:37 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found