in reply to Re: Company hacks through my Perl's Website Security hole
in thread Company hacks through my Perl's Website Security hole

That code as written allows anyone to run arbitrary programs. $file was supplied by the user and given to two-arg open which when the filename ends in a pipe symbol is interpreted as a shell command to run.
  • Comment on Re: Re: Company hacks through my Perl's Website Security hole

Replies are listed 'Best First'.
Re: Re: Re: Company hacks through my Perl's Website Security hole
by jepri (Parson) on May 21, 2004 at 16:47 UTC
    update: This post works a lot better as a reply to pzbagel, which is where it should be... except that I clicked the wrong link. My bad.

    The system should have been protected by privilege separation. This guys account gets hacked, the hackers muck around... the sysadmin deletes the account. No worries.

    Except it didn't work that way, this time. I can't even figure out from the parent post what actually happened. Perhaps a lightning strike took out the server room just as he realised his mistake?

    ____________________
    Jeremy
    I didn't believe in evil until I dated it.

[reply]
      The system should have been protected by privilege separation. This guys account gets hacked, the hackers muck around... the sysadmin deletes the account. No worries.
      Privilege separation good. But the bad guys can usually find a way to escalate their privileges once they've got a foot in the door, so I wouldn't go so far as to say "no worries".
[reply]
        Agreed, although removing execute permissions from that filesystem would make it a lot harder to break in. I think mod_perl can be coaxed into running perl scripts even if they don't have execute permissions.

        Under really good OSs, it should be possible to prevent local privilege escalation, at least for a while.

        ____________________
        Jeremy
        I didn't believe in evil until I dated it.

[reply]

In Section Seekers of Perl Wisdom