In regards to checking the amount of disk space left, you may want to partition your hard drive so that files are uploaded on a separate partition. Then, even if someone manages to try to upload a terabyte of data from /dev/urandom, all that gets filled will be your partition, and your computer should still be able to operate.
While you're doing that, mount the partition with noexec:
    noexec  Do not allow execution of any binaries on
            the mounted file system. This option might
            be useful for a server that has file systems
            containing binaries for architectures other
            than its own.
Also good for partitions that are writable by untrusted users. It was suggested to me recently that the whole web root should be on a noexec partition, with CGIs symlinked from /usr/lib (or, presumably, other trusted partitions).
--
eval pack("H*", "7072696e74207061636b2822482a222c202236613631373036382229");
# japh or forkbomb? You decide!
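The setup suggested in the two posts above (uploads on their own partition, mounted noexec, with free space checked via df) written as a pre-flight check. This is an added example, not code from the thread; /srv/uploads, /srv/incoming, the device names and the sample tables are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. All paths, devices and tables are constructed.

# Sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /srv/uploads ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda4 /srv/incoming ext4 rw,relatime 0 0'

# Sample data lines of `df -Pk <dir>`: fs 1024-blocks used available capacity mountpoint
DF_UPLOADS='/dev/sda3 10485760 2097152 8388608 20% /srv/uploads'
DF_INCOMING='/dev/sda4 10485760 2097152 8388608 20% /srv/incoming'
DF_ROOT='/dev/sda1 52428800 41943040 10485760 80% /'

# Print the options of mount point $1 from mounts table text $2.
# The last matching entry wins, since a later mount shadows an earlier one.
mount_opts() {
    printf '%s\n' "$2" | awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }'
}

# Succeed only if the comma-separated option list $1 contains exactly "noexec".
has_noexec() {
    case ",$1," in *,noexec,*) return 0 ;; *) return 1 ;; esac
}

# check_upload_fs DF_LINE MOUNTS_TEXT MIN_KB
# Returns 0 if OK, 1 if uploads live on /, 2 if not noexec, 3 if too little space.
# Limitation: mount points containing whitespace are not handled.
check_upload_fs() {
    avail=$(printf '%s\n' "$1" | awk '{ print $4 }')
    mp=$(printf '%s\n' "$1" | awk '{ print $6 }')
    [ "$mp" != "/" ] || { echo "FAIL: uploads share the root filesystem"; return 1; }
    has_noexec "$(mount_opts "$mp" "$2")" || { echo "FAIL: $mp is not mounted noexec"; return 2; }
    [ "$avail" -ge "$3" ] || { echo "FAIL: only $avail KB free on $mp"; return 3; }
    echo "OK: $mp is separate and noexec, $avail KB free"
}

# Demo on the constructed samples, requiring 100 MB free.
for line in "$DF_UPLOADS" "$DF_INCOMING" "$DF_ROOT"; do
    check_upload_fs "$line" "$SAMPLE_MOUNTS" 102400 || true
done

# Live use on Linux (directory name is an assumption):
#   check_upload_fs "$(df -Pk /srv/uploads | tail -n 1)" "$(cat /proc/mounts)" 102400
```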
The easiest way to check how much space is left is probably to use "some commandline tool" (I use df, but that only works on UNIX).
Depending on how you disable scripting, not everything might actually be turned off (i.e. in Apache, if you disable CGI scripts, you might still have PHP switched on, etc.) Just make sure you really turned it all off, or serve the files via another script.
Taint mode in IIS (and maybe some other web servers) can AFAIK not be turned on via the shebang line; you probably need to switch it on in the server config somewhere (haven't done this in years, so I can't remember how exactly). If you turn it on in the server, scripts using perl -wT should run fine too.
As for file types, not reliably. Check for extensions and mime-type, but people can always fake it. File::MimeInfo::Magic might be useful.
edit: oh yes, I overlooked the binmode in your script. I think it's fine like that.
Hope this helps.
Joost.