Project

General

Profile

Actions

Feature #1685

closed

perl taint check

Added by Anonymous about 16 years ago. Updated 6 months ago.

Status:
Fixed
Priority:
Normal
Category:
mod_cgi
Target version:
-
ASK QUESTIONS IN Forums:
No

Description

To get Perl's taint mode working with mod_cgi, we have to use something like
cgi.assign = (".pl" => ""), what can be dangerous in some cases. Something like Apaches
"PerlTaintCheck On"-Option for lighttpd would be nice.

Actions #1

Updated by Anonymous about 16 years ago

echo "#!/bin/sh\nexec perl -T $@" > /usr/sbin/perl-taint-cgi
chmod a+rx /usr/sbin/perl-taint-cgi

cgi.assign = ( ".pl" => "/usr/sbin/perl-taint-cgi" )

back in the good old days people had been creative themself.

Actions #2

Updated by hoffie about 16 years ago

/me was too slow.
Just wanted to say the same, plus: No other programming language has any specific config options in lighty, so I don't think we should add any. One could argue about somehow adding support for parameters, but that might have an impact on backward-compatibility.
So, I'd say, stay with the wrapper script.

Actions #3

Updated by hoffie about 16 years ago

  • Status changed from New to Fixed
  • Resolution set to wontfix
Actions #4

Updated by stbuehler over 15 years ago

  • Status changed from Fixed to Wontfix
Actions #5

Updated by gstrauss 6 months ago ยท Edited

  • Description updated (diff)
  • Status changed from Wontfix to Fixed
  • Target version deleted (1.5.0)
  • ASK QUESTIONS IN Forums set to No

Set PERL5OPT=-T in the environment before starting lighttpd, or with mod_setenv setenv.set-environment

man perlrun

Actions

Also available in: Atom