Re: disable perl for some users

Another option would be to include a perl binary in thier home directroy, and have it so that they can't run perls from other users. This would also mean that the users can upgrade their own perl versions (if you leave the permissions open enough).

Or you could go even further and trap the user in a chroot and stick a perl in there. (Ensim do whole bundlels of this)

@_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;

Comment on Re: disable perl for some users Download Code

Replies are listed 'Best First'.
Re^2: disable perl for some users by DrHyde (Prior) on Mar 26, 2007 at 09:31 UTC
Given that the OP talked about Apache, then that's a Really Bad Idea, as it would let remote users construct requests like http://example.com/~user/perl%20-e%20'system("rm%20-rf")'.	[reply]
Re^3: disable perl for some users by f00li5h (Chaplain) on Mar 26, 2007 at 09:43 UTC
Another option would be to include a perl binary in thier home directroy ... `Home directory ne document root` It would be a terrible idea to expose a user's home directory as their document root, this is why apache defaults to sharing `~user/public_html/` as `~user/` to the world The user would still have to stick `perl` in a `ScriptAlias`'ed or `Options +ExecCGI`'ed directory for your url to have a chance of working, Apache would try to find a file called `q[perl -e 'system("rm -rf")']`, which won't generally be there. In an html directory, they'd be likely to get a download of the `perl` binary instead. `@_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;` Update added the bit about a file called `q[ perl -e 'system("rm -rf")']`	[reply] [d/l] [select]