
Re: Perlsec and taint mode?

by ikegami (Patriarch)
on Oct 27, 2023 at 16:54 UTC ( [id://11155225] )


in reply to Perlsec and taint mode?

Files don't have real and effective uids and gids. Processes do. Taint is enabled when a process's real and effective uids are different, and when its real and effective gids are different.

To get the necessary criteria in your scenario, the file would have needed to have its setgid flag set, or Apache would have needed to use setuid in the spawned process. Or the equivalent for gid.
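A diagnostic for the scenario discussed in the reply above, added here as an example and not part of ikegami's post: it prints the process's real and effective uid/gid next to Perl's own taint state, so you can see which condition (if any) applied to the process Apache spawned. The function names `first_id` and `id_report` are made up for this example; it assumes a Unix-like system and can be run as a CGI script or from the command line.

```perl
#!/usr/bin/perl
# Added example: show the ids that decide automatic taint mode.
use strict;
use warnings;
use English qw(-no_match_vars);    # $UID, $EUID, $GID, $EGID
use Scalar::Util qw(tainted);

# $GID and $EGID are space-separated lists: the first number is the
# real / effective gid, the rest are supplementary groups.
sub first_id { my ($list) = @_; return (split ' ', $list)[0] }

# Collect the four ids of this process and flag each mismatch.
sub id_report {
    my ($rgid, $egid) = (first_id($GID), first_id($EGID));
    return {
        ruid => $UID,  euid => $EUID,
        rgid => $rgid, egid => $egid,
        uid_differs => ($UID != $EUID)   ? 1 : 0,
        gid_differs => ($rgid != $egid)  ? 1 : 0,
    };
}

my $r = id_report();

# ${^TAINT}: 1 = taint mode on, 0 = off, -1 = taint warnings only (-t)
my $taint = ${^TAINT};

# Emit a header only when running under a CGI environment.
print "Content-Type: text/plain\n\n" if $ENV{GATEWAY_INTERFACE};

printf "uid: real=%d effective=%d (%s)\n",
    $r->{ruid}, $r->{euid}, $r->{uid_differs} ? 'differ' : 'same';
printf "gid: real=%d effective=%d (%s)\n",
    $r->{rgid}, $r->{egid}, $r->{gid_differs} ? 'differ' : 'same';
printf "\${^TAINT} = %d\n", $taint;
printf "\$ENV{PATH} tainted: %s\n", tainted($ENV{PATH}) ? 'yes' : 'no';

if ($taint == 1 && !$r->{uid_differs} && !$r->{gid_differs}) {
    print "Taint is on although the ids match: it was requested with -T.\n";
}
elsif ($taint == 0) {
    print "Taint is off: ids match and no -T/-t switch was given.\n";
}
```

If both pairs print "same" and `${^TAINT}` is 0, the process was started with matching real and effective ids, and taint checks have to be requested explicitly with `-T` on the `#!` line.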