Project

General

Profile

Actions

Feature #1685

closed

perl taint check

Added by Anonymous almost 15 years ago. Updated over 14 years ago.

Status:
Wontfix
Priority:
Normal
Category:
mod_cgi
Target version:
ASK QUESTIONS IN Forums:

Description

To get Perl's taint mode working with mod_cgi, we have to use something like
cgi.assign = (".pl" => ""), what can be dangerous in some cases. Something like Apaches
"PerlTaintCheck On"-Option for lighttpd would be nice.

Actions #1

Updated by Anonymous almost 15 years ago

echo "#!/bin/sh\nexec perl -T $@" > /usr/sbin/perl-taint-cgi
chmod a+rx /usr/sbin/perl-taint-cgi

cgi.assign = ( ".pl" => "/usr/sbin/perl-taint-cgi" )

back in the good old days people had been creative themself.

Actions #2

Updated by hoffie almost 15 years ago

/me was too slow.
Just wanted to say the same, plus: No other programming language has any specific config options in lighty, so I don't think we should add any. One could argue about somehow adding support for parameters, but that might have an impact on backward-compatibility.
So, I'd say, stay with the wrapper script.

Actions #3

Updated by hoffie almost 15 years ago

  • Status changed from New to Fixed
  • Resolution set to wontfix
Actions #4

Updated by stbuehler over 14 years ago

  • Status changed from Fixed to Wontfix
Actions

Also available in: Atom