Re: formail (was moron at perl/cgi)

Etusivu
Liitteet:
Viesti alkuperäisessä muodossaan
+ (text/plain)
Poista viesti
Vastaa
Lähettäjä: Victor Odhner
Päiväys:  
Vastaanottaja: Main PLUG discussion list
Vanhat otsikot: moron at perl/cgi
Aihe: Re: formail (was moron at perl/cgi)
Craig White wrote:

>Downloaded a simple perl-cgi script called ForMail.pl
>
>getting fast and loose with permissions...
>
>

I trust you know this, but ...


ForMail has some legendary security holes, due to its trust
of user data. Just google for formail exploit
to see 22 pages of references.
This script is a poster child for bad CGI usage.
Being under selinux would be no protection here.

Vic

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss