@files = glob('*.c'); # Always insecure (uses csh)
If you try to do something insecure, you will get a fatal error saying
-something like "Insecure dependency" or "Insecure PATH". Note that you
+something like "Insecure dependency" or "Insecure $ENV{PATH}". Note that you
can still write an insecure B<system> or B<exec>, but only by explicitly
doing something like the "considered secure" example above.
} else {
my @temp = ($EUID, $EGID);
$EUID = $UID;
- $EGID = $GID; # XXX: initgroups() not called
+ $EGID = $GID; # initgroups() also called!
# Make sure privs are really gone
($EUID, $EGID) = @temp;
- die "Can't drop privileges" unless
- $UID == $EUID and
- $GID eq $EGID; # String test
+ die "Can't drop privileges"
+ unless $UID == $EUID && $GID eq $EGID;
$ENV{PATH} = "/bin:/usr/bin";
- exec 'myprog', 'arg1', 'arg2' or
- die "can't exec myprog: $!";
+ exec 'myprog', 'arg1', 'arg2'
+ or die "can't exec myprog: $!";
}
A similar strategy would work for wildcard expansion via C<glob>, although
the source code has to be readable in order to be compiled and
interpreted. (That doesn't mean that a CGI script's source is
readable by people on the web, though.) So you have to leave the
-permissions at the socially friendly 0755 level.
+permissions at the socially friendly 0755 level. This lets
+people on your local system only see your source.
-Some people regard this as a security problem. If your program does
+Some people mistakenly regard this as a security problem. If your program does
insecure things, and relies on people not knowing how to exploit those
insecurities, it is not secure. It is often possible for someone to
determine the insecure things and exploit them without viewing the
Your access to it does not give you permission to use it blah blah
blah." You should see a lawyer to be sure your licence's wording will
stand up in court.
+
+=head1 SEE ALSO
+
+L<perlrun> for its description of cleaning up environment variables.
projects / p5sagit/p5-mst-13.2.git / blobdiff