On Tue, 6 Jun 2000, ___cliff rayman___ wrote:

> here is something posted to p5p today.
> looks like a good place to start Stas's challenge.

> Benjamin Elijah Griffin wrote:
> 
> > In alt.hackers a while ago I saw this .sig:
> >
> > #!/usr/bin/perl
> > $j=\$j;{$_=unpack(P25,pack(L,$j));/Just Another Perl Wannabe/?print:$j++&&redo}
> >
> > It occurred to me after the xlockmore stuff in bugtraq recently that
> > having a way to get a pointer in perl and roam around memory looking
> > for stuff might pose a security problem for embedded perl, eg:
> > a mod_perl script that roams around apache reading passwords stored
> > still in memory.
> >
> > Is this something to worry about?
> >
> > Benjamin

It talks about a user being able to run arbitrary Perl code through your CGI;
look at this reply:

From: Jan Dubois <[EMAIL PROTECTED]> 
I don't think so.  You should never let people execute arbitrary code on
your web server anyways.  If you do, then the potential intruder can do
much more nasty things than just snooping around in memory.
-Jan




_____________________________________________________________________
Stas Bekman              JAm_pH     --   Just Another mod_perl Hacker
http://stason.org/       mod_perl Guide  http://perl.apache.org/guide 
mailto:[EMAIL PROTECTED]   http://perl.org     http://stason.org/TULARC
http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
