Craig White wrote:
>Downloaded a simple perl-cgi script called ForMail.pl
>
>getting fast and loose with permissions...
>
>
I trust you know this, but ...
ForMail has some legendary security holes, due to its trust
of user data. Just google for formail exploit
to see 22 pages of references.
This script is a poster child for bad CGI usage.
Being under selinux would be no protection here.
Vic
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss