Re: System calls from CGI script

Hi whitdan,

First of all, the architecture of having a CGI script make system calls is something to be very, very careful with, as it can easily allow attackers access to your system. The very least you need to do is protect access to the server / the script with some kind of authentication mechanism. Even then, you need to be very careful with any input you get and might want to pass along to the system command.

Having said that, you're clearing the PATH environment variable and then attempting to call perl without the full pathname. Try calling it as /usr/bin/perl (or wherever your perl binary is installed).

Another thing to remember is that the user the web server and CGI script is being run as often doesn't have permissions to anything, e.g. the nobody user.

Hope this helps,
-- Hauke D

Comment on Re: System calls from CGI script Select or Download Code

Replies are listed 'Best First'.
Re^2: System calls from CGI script by whitdan (Initiate) on Nov 04, 2016 at 19:36 UTC
Thanks for the advice. Security is one of the top priorities when working with pages on websites. The user must be logged into our system to access the page and the system calls will only be used to run set values from the database. Thank you for your suggestion, it worked perfectly. I needed to add the absolute path to perl.	[reply]