nms has asked for the wisdom of the Perl Monks concerning the following question:

I found out that on a multi-host webserver, it is wise to set PHP (for instance) in safe mode as users could run scripts performing things in areas on the server where I don't want them. Is PERL equally powerful to let a user damage the server by writing data anywhere on the server? We are setting up a webserver for a few accounts, but some want PERL. I cannot oversee the security issues here... It is going to be a Windows Server 2003 environment with IIS6.

Replies are listed 'Best First'.
Re: Installing and securing server
by cees (Curate) on May 22, 2005 at 23:23 UTC

    The reason that PHP is often put into Safe Mode in multi-host webservers is because PHP is often embedded into the web server (it doesn't have to be, as PHP scripts can be run in a CGI environment, but it usually is). This means that all PHP scripts run with the permission that the web server runs as. So your PHP scripts then have the ability to do anything that your webserver has permission to do. And since all PHP scripts across all the websites run as the same user, you would have the ability to change any files that were writable by the webserver, and to read any code that other users have put on their websites (i.e. to look for database passwords and such in other PHP programs).

    In a shared environment, Perl is usually only available through CGI programs. Most webservers allow you to run CGI scripts as a different user for every website. In Apache this is done through the suexec module (I don't know IIS so you will have to look that up). Since in this case all scripts run as their own user, they can only read and change files that they have permissions for. This makes it much more secure. Perl can also be run as part of the webserver using mod_perl, and in that case it suffers from the same security concerns that PHP does.

    Of course if you let a user execute a program on your server, they can look at any world-readable file on the system and write to any world-writable file, so you will need to make sure that your system is sufficiently secured (again on Windows I am not sure how to help you, and that is a topic beyond this forum regardless). Also, your users will be able to do nasty things like run programs that suck up all your CPU (either maliciously, or through silly programming errors), or they could fill up your disk with junk, bringing your server to its knees. There are many ways to protect yourself against these things that you should probably look into.

    Also, you should know that this isn't a specific problem with Perl. Any programming language will suffer from these issues, unless you run them in some sort of a sandbox where the user is limited in what they can see and/or do.

    - Cees
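
One way to check for the exposure described in the reply above (world-readable and world-writable files under a hosted site), as an added example that is not part of any reply in the thread. It assumes POSIX permission bits on a Unix-style host; the demo file names and the extension list are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread. POSIX mode bits only (assumption: a
# Unix-style host); Windows ACLs need a different tool.
use strict;
use warnings;
use File::Find;
use File::Temp qw(tempdir);
use Fcntl qw(:mode);

# Walk $root and return sorted [path, finding] pairs.
sub audit_tree {
    my ($root) = @_;
    my @findings;
    find({ no_chdir => 1, wanted => sub {
        my $path = $File::Find::name;
        my @st = lstat($path) or return;    # lstat: never follow symlinks
        my $mode = $st[2];
        return if S_ISLNK($mode);           # a link's own mode bits mean nothing
        if ($mode & S_IWOTH) {
            # Any local account can modify this; a sticky directory only
            # limits deleting other users' entries.
            my $sticky = S_ISDIR($mode) && ($mode & S_ISVTX);
            push @findings, [$path, $sticky ? 'world-writable (sticky dir)'
                                            : 'world-writable'];
        }
        elsif (S_ISREG($mode) && ($mode & S_IROTH)
               && $path =~ /\.(?:pl|cgi|php|conf|ini)\z/i) {
            # Scripts and configs are where database passwords tend to live.
            push @findings, [$path, 'world-readable script/config'];
        }
    }}, $root);
    return sort { $a->[0] cmp $b->[0] } @findings;
}

my $root = shift @ARGV;
unless (defined $root) {
    # Constructed demo tree standing in for one account's document root.
    $root = tempdir(CLEANUP => 1);
    my %demo = ('index.html'   => 0644, 'db.conf'    => 0644,
                'private.conf' => 0600, 'upload.cgi' => 0777);
    for my $name (sort keys %demo) {
        open my $fh, '>', "$root/$name" or die "create $name: $!";
        close $fh;
        chmod $demo{$name}, "$root/$name" or die "chmod $name: $!";
    }
}
printf "%-30s %s\n", $_->[1], $_->[0] for audit_tree($root);
```

Run without arguments it audits the constructed tree and reports `db.conf` and `upload.cgi`; pass a directory path to audit a real document root.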

Re: Installing and securing server
by fauria (Deacon) on May 22, 2005 at 20:47 UTC
    The scope of an interpreter such as Perl, PHP, Python and so on depends mainly on the implementation of the OS where it runs.

    Mechanisms for avoiding the execution of programs somewhere are implemented in the OS (noexec option of mount, for example), like read/write/exec permissions are, and they are usually implemented in the kernel, not by userspace programs.

    I think this is more a matter of W2003 than Perl itself.
Re: Installing and securing server
by ghenry (Vicar) on May 22, 2005 at 20:53 UTC
Re: Installing and securing server
by ww (Archbishop) on May 22, 2005 at 22:21 UTC
    Don't know 2003/IIS6, but Apache (avail for Windows) and other servers have config options by which you can restrict the scope of any user's cgi-bin user program; which let you restrict where cgi-bin is allowed, etc.

    If you have a 'druthers (choice), you're at a stage where investigating alternate servers might be valuable. If the prospective accounts don't need some MS-specific capability, you may have options.

    Updated: First para changed for clarity