in reply to Re: How to safely define a CGI program's application base directory
in thread How to safely define a CGI program's application base directory

BTW, on a *NIX system one can put rubbish into __FILE__ via

% ln -s myscript.pl evil-char-sequence.pl
Not as simple as 'SOMEVAR=evil-char-sequence ./myscript.pl', but still possible (but an unlikely attack vector, and not available to a remote attacker).

Re^3: How to safely define a CGI program's application base directory
by Anonymous Monk on Feb 11, 2013 at 14:00 UTC
    If an attacker has access to the filesystem (or %ENV) the game is already over, nothing to worry about :)
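An added example, not code from any poster in this thread: one way to derive the base directory so that a symlink name like the one above never reaches it, by resolving the script path and then allowlisting the result. The helper name `safe_base_dir`, the allowed character set and the temporary files are assumptions made for the demonstration.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(dirname);
use File::Temp qw(tempdir);

# Hypothetical helper: turn the path of the running script into a base
# directory without trusting the characters in that path.
sub safe_base_dir {
    my ($script_path) = @_;

    # abs_path resolves symlinks, so a link with a hostile name collapses
    # to the real location of the script it points at.
    my $real = abs_path($script_path);
    defined $real or die "cannot resolve script path\n";

    my $dir = dirname($real);

    # Allowlist (assumed policy): absolute path, each component starting
    # with a word character, so no "..", no leading "-", no shell
    # metacharacters. Under -T the capture is also what untaints the value.
    $dir =~ m{\A((?:/[A-Za-z0-9_][A-Za-z0-9._-]*)+)\z}
        or die "refusing unexpected base directory\n";
    return $1;
}

# Constructed demonstration: a real script and a symlink with an odd name,
# mirroring the "ln -s myscript.pl evil-char-sequence.pl" case.
my $tmp    = tempdir(CLEANUP => 1);
my $script = "$tmp/myscript.pl";
open(my $fh, '>', $script) or die "open: $!";
close($fh);

my $link = "$tmp/evil;\$(char)-sequence.pl";
symlink('myscript.pl', $link) or die "symlink: $!";

print "invoked as : $link\n";
print "base dir   : ", safe_base_dir($link), "\n";
```

In a CGI script the call would be `safe_base_dir(__FILE__)`; a real directory whose own name falls outside the allowlist makes the script die rather than continue with that path.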