On Mon, 2004-05-03 at 12:39, JupiterHost.Net wrote: > IE: it would be just as dangerouse as running a regular perl or shell or > OTHER_LANGUAGE_HERE script in their home dir, correct? [...] > mod_perl scripts are run with the permissions of the user correct? > IE if Apache its 'nobody' or otherwsie (getpwuid($>))[0]
No, when you run things with mod_perl, they run in the apache server process. They will always have the same permissions as the apache server. It is not safe to run untrusted scripts under mod_perl. (There is all kinds of hand-waving about using Safe or something, but the only thing I would trust is an entirely separate server running as an unprivileged user.) More info on configuration options is available here: http://perl.apache.org/docs/1.0/guide/config.html If you want to just run .pl scripts under specific directories through mod_perl, the docs there will tell you how (using a <FilesMatch> directive). - Perrin -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
