formail (was moron at perl/cgi)

todd hewett todd.hewett at regalhost.com
Thu Jan 12 12:12:07 MST 2006


There is a group called (I believe) the Perl Mongers that have rewritten
some of the scripts found on Matt's Script Archive in an attempt to make them
more secure.

These scripts can be found here.
http://www.scriptarchive.com/nms.html

Hope this helps,

Todd

-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Victor
Odhner
Sent: Thursday, January 12, 2006 7:07 AM
To: Main PLUG discussion list
Subject: Re: formail (was moron at perl/cgi)

Craig White wrote:

>Downloaded a simple perl-cgi script called ForMail.pl
>
>getting fast and loose with permissions...
>  
>
I trust you know this, but ...


ForMail has some legendary security holes, due to its trust
of user data.  Just google for   formail exploit
to see 22 pages of references.
This script is a poster child for bad CGI usage.
Being under selinux would be no protection here.

Vic
