A lot of the config stuff is read-only from within a request, but sure, if you manage to get the web app to run some arbitrary code, you can probably find some way to mess up the config for that child process. You could do pretty much anything, like run a system command to wipe whatever part of the hard drive you have access to. You can certainly do things to mess up the perl interpreter in that child process, like screwing up @INC, reading other people's globals, redefining methods, etc. The fact that FastCGI won't let you touch the web server config from a compromised process doesn't sound very valuable to me when you consider all the other things you could do.