HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


xtian 25th August 2009 15:43

Perl security
If one user installs a perl script in his cgi-bin (e.g. /web1/user1/), he has access to all other webs. This is a security risk - any idea how to prevent?
(ispconfig 3, Ubuntu 8.04.1 Hardy Heron)

Perl sample to list all files in /var/www/


#!/usr/bin/perl
use strict;
use warnings;

print "Content-type: text/html\n\n";

sub dir {
        my $current_folder = shift;
        my @all;

        chdir($current_folder) or die("Cannot access folder $current_folder");

        #Get the all files and folders in the given directory.
        my @both = glob("*");

        my @folders;
        foreach my $item (@both) {
                if(-d $item) { #Get all folders into another array - so that first the files will appear and then the folders.
                        push(@folders, $item);
                } else { #If it is a file just put it into the final array.
                        push(@all, $item);
                }
        }

        foreach my $this_folder (@folders) {
                #Add the directory name to the return list - comment the next line if you don't want this feature.
                push(@all, "$this_folder/");

                #Continue calling this function for all the folders
                my $full_path = "$current_folder/$this_folder";

                my @deep_items = dir($full_path); # :RECURSION:
                foreach my $item (@deep_items) {
                        push(@all, "$this_folder/$item");
                }
        }
        return @all;
}

my @all  = dir("/var/www/");
foreach my $item (@all) {
        print "--- $item <br>\n";
}

till 25th August 2009 15:51

Use the svn version from ispconfig which has a high security mode setting which should be able to prevent this. If this is a production server you should wait for the release, which will contain the new mode as well. Also make sure that you enabled suexec.
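
Added example, not part of the thread and not ISPConfig code: a shell check an administrator can run over the web base directory to see which site directories another site's CGI script could still enter once suexec is enabled. It assumes one directory per site directly under the base path; the function names are hypothetical and `/var/www` in the usage comment is taken from the question's sample.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: every direct child directory of BASE is one website.

# List site directories that grant any permission to "other". A script
# running under a different site's uid (suexec) can still enter these.
exposed_webroots() {
    for d in "$1"/*/; do
        d=${d%/}
        if [ ! -d "$d" ] || [ -L "$d" ]; then continue; fi
        mode=$(ls -ld "$d" | cut -c1-10)      # e.g. drwxr-x---
        case $(printf '%s' "$mode" | cut -c8-10) in
            ---|--T) ;;                        # no access for other
            *) printf 'EXPOSED %s %s\n' "$d" "$mode" ;;
        esac
    done
}

# List uids that own more than one site directory. suexec separates
# scripts by user, so sites sharing an owner can read each other.
shared_owners() {
    for d in "$1"/*/; do
        d=${d%/}
        if [ ! -d "$d" ] || [ -L "$d" ]; then continue; fi
        ls -ldn "$d" | awk '{print $3}'
    done | sort | uniq -d | sed 's/^/SHARED uid /'
}

# Run both checks when a base directory is given, e.g. ./audit.sh /var/www
if [ "$#" -gt 0 ]; then
    exposed_webroots "$1"
    shared_owners "$1"
fi
```

The check looks only at the "other" permission bits and the owner of each site directory; group memberships and the permissions of files inside the sites are not examined.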
