[4373] in WWW Security List Archive
Re: Perl System Call HACKS
daemon@ATHENA.MIT.EDU (Paul Phillips)
Tue Feb 11 22:11:08 1997
Date: Tue, 11 Feb 1997 15:51:14 -0800 (PST)
From: Paul Phillips <paulp@go2net.com>
To: "Brian W. Spolarich" <briansp@ans.net>
cc: Jeff Middleton <jeffm@sgiserv3.aws.waii.com>, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.GSO.3.95.970210164757.3837H-100000@thebrain.aa.ans.net>
Errors-To: owner-www-security@ns2.rutgers.edu
On Mon, 10 Feb 1997, Brian W. Spolarich wrote:
> | Is there a FAQ or information giving some examples as to the way
> | a perl script that executes sendmail via a PERL system call can
> | be hacked?
>
> I'd start with the WWW Security FAQ
>
> http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html
>
> especially sections 6 (CGI scripts) and 7 (Safe Scripting in Perl).
There is also the (admittedly somewhat dated) CGI Security page at
<URL:http://www.go2net.com/people/paulp/cgi-security/>
which has examples and identifies wise and unwise practices.
--
Paul Phillips | Wacky calculator fun for kids: enter your current
Cat Juggler | age. Now add 1. The result is the age you will be
<paulp@go2net.com> | when you die.
+1 206 447 1595 |
