Project

General

Profile

Feature #1685

perl taint check

Added by Anonymous over 11 years ago. Updated almost 11 years ago.

Status:
Wontfix
Priority:
Normal
Assignee:
-
Category:
mod_cgi
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

To get Perl's taint mode working with mod_cgi, we have to use something like
cgi.assign = (".pl" => ""), what can be dangerous in some cases. Something like Apaches
"PerlTaintCheck On"-Option for lighttpd would be nice.

History

#1

Updated by Anonymous over 11 years ago

echo "#!/bin/sh\nexec perl -T $@" > /usr/sbin/perl-taint-cgi
chmod a+rx /usr/sbin/perl-taint-cgi

cgi.assign = ( ".pl" => "/usr/sbin/perl-taint-cgi" )

back in the good old days people had been creative themself.

#2

Updated by hoffie over 11 years ago

/me was too slow.
Just wanted to say the same, plus: No other programming language has any specific config options in lighty, so I don't think we should add any. One could argue about somehow adding support for parameters, but that might have an impact on backward-compatibility.
So, I'd say, stay with the wrapper script.

#3

Updated by hoffie over 11 years ago

  • Status changed from New to Fixed
  • Resolution set to wontfix
#4

Updated by stbuehler almost 11 years ago

  • Status changed from Fixed to Wontfix

Also available in: Atom