I can see your concern but do not really see how anyone can read any file on my filesystem by this usage. Permissions will not allow for any privilaged file to be read by a webserver running as "nobody" or any other non-privilaged user.

Not to mention the hard coded variable of $path which is not changeable by the user and is the entire first portion of the variable $full's value.

If there is a way to break out of this directory with the current state of this script please be specific because I do not see it.

I have read about the two and three arg open calls but do not see in this implementation how a three arg open call will help any. Now I am not saying it won't because I am the farthest thing from an expert but if it will please again be more specific.

Edit: Ohh wait a minute! Oh crap I see it and tested it and yes you are correct. Big oversight on my part. Thanks for the heads up! Permissions do save me on privilaged files but there are some un-privilaged files Apache can read that people have no buisness looking at and can lead to further exploitation.


www.perlskripts.com

In reply to Re^2: issues displaying cgi script source? by Elijah
in thread issues displaying cgi script source? by Elijah

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.