Re^2: disable perl for some users

Replies are listed 'Best First'.
Re^3: disable perl for some users by f00li5h (Chaplain) on Mar 26, 2007 at 09:43 UTC
Another option would be to include a perl binary in thier home directroy ... `Home directory ne document root` It would be a terrible idea to expose a user's home directory as their document root, this is why apache defaults to sharing `~user/public_html/` as `~user/` to the world The user would still have to stick `perl` in a `ScriptAlias`'ed or `Options +ExecCGI`'ed directory for your url to have a chance of working, Apache would try to find a file called `q[perl -e 'system("rm -rf")']`, which won't generally be there. In an html directory, they'd be likely to get a download of the `perl` binary instead. `@_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;` Update added the bit about a file called `q[ perl -e 'system("rm -rf")']`	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re^3: disable perl for some users
by f00li5h (Chaplain) on Mar 26, 2007 at 09:43 UTC

Another option would be to include a perl binary in thier home directroy ...

Home directory ne document root

It would be a terrible idea to expose a user's home directory as their document root, this is why apache defaults to sharing ~user/public_html/ as ~user/ to the world

The user would still have to stick perl in a ScriptAlias'ed or Options +ExecCGI'ed directory for your url to have a chance of working, Apache would try to find a file called q[perl -e 'system("rm -rf")'], which won't generally be there. In an html directory, they'd be likely to get a download of the perl binary instead.

@_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;

Update

added the bit about a file called q[ perl -e 'system("rm -rf")']

[reply]
[d/l]
[select]