Mailing List Archive

> Is there some way to limit Perl's access to the system ? My users
> shouldn't be able to retrieve information such as the CPU type, the
> amount of memory, etc. through cgi-scripts...

i think it's not possible, at least in an easy way. you can try to
chroot their scripts in a reduced environment, with a custom hacked perl
executable, without all the programs that can give these informations,
without Config.pm, without /proc, without a lot of things it's easy to
forget...

hope this helps, but im'almost sure it doesn't :-)

pietro.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Try using suExec.

Wim Godden wrote:
>
> Is there some way to limit Perl's access to the system ? My users
> shouldn't be able to retrieve information such as the CPU type, the
> amount of memory, etc. through cgi-scripts...
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

That won't limit acces to /proc which is something I need... a way to block
people from accessing certain items in /proc.


Webmaster wrote:

> Try using suExec.
>
> Wim Godden wrote:
> >
> > Is there some way to limit Perl's access to the system ? My users
> > shouldn't be able to retrieve information such as the CPU type, the
> > amount of memory, etc. through cgi-scripts...
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Try compiling Perl with some command line options.

Wim Godden wrote:
>
> That won't limit acces to /proc which is something I need... a way to block
> people from accessing certain items in /proc.
>
> Webmaster wrote:
>
> > Try using suExec.
> >
> > Wim Godden wrote:
> > >
> > > Is there some way to limit Perl's access to the system ? My users
> > > shouldn't be able to retrieve information such as the CPU type, the
> > > amount of memory, etc. through cgi-scripts...
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org