Prev Previous Post   Next Post Next
Old 25th August 2009, 15:43
xtian xtian is offline
Junior Member
Join Date: Aug 2009
Posts: 1
Thanks: 1
Thanked 0 Times in 0 Posts
Default Perl security

If one user installs a perl script in his cgi-bin (e.g. /web1/user1/), he as access to all other webs. This is a security risk - any idea how to prevent?
(ispconfig 3,, Ubuntu 8.04.1 Hardy Heron)

Perl sample to list all files in /var/www/

print "Content-type: text/html\n\n";

sub dir {
	my $current_folder = shift;
	my @all;

	chdir($current_folder) or die("Cannot access folder $current_folder");

	#Get the all files and folders in the given directory.
	my @both = glob("*");

	my @folders;
	foreach my $item (@both) {
		if(-d $item) { #Get all folders into another array - so that first the files will appear and then the folders.
		} else { #If it is a file just put it into the final array.

	foreach my $this_folder (@folders) {
		#Add the directory name to the return list - comment the next line if you don't want this feature.

		#Continue calling this function for all the folders
		my $full_path = "$current_folder/$this_folder";

		my @deep_items = dir($full_path); # :RECURSION:
		foreach my $item (@deep_items) {
	return @all;

my @all  = dir("/var/www/");
foreach my $item (@all) { 
	print "--- $item <br>\n";
Reply With Quote
Sponsored Links


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to install ISPConfig bdonecker Installation/Configuration 21 26th May 2009 09:20
Runaway Perl aws910 Server Operation 2 19th November 2007 18:24
SE linux problem when security context is modified raj123 Technical 1 28th June 2006 09:57
Perl and cgi script installation linuxuser1 General 30 27th April 2006 00:09
Perl non-printable chars and unwanted formatting spinoza Programming/Scripts 4 1st April 2006 21:30

All times are GMT +2. The time now is 11:35.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.