Feature #1685
closedperl taint check
Description
To get Perl's taint mode working with mod_cgi, we have to use something like
cgi.assign = (".pl" => ""), what can be dangerous in some cases. Something like Apaches
"PerlTaintCheck On"-Option for lighttpd would be nice.
Updated by Anonymous almost 17 years ago
echo "#!/bin/sh\nexec perl -T $@" > /usr/sbin/perl-taint-cgi
chmod a+rx /usr/sbin/perl-taint-cgi
cgi.assign = ( ".pl" => "/usr/sbin/perl-taint-cgi" )
back in the good old days people had been creative themself.
Updated by hoffie almost 17 years ago
/me was too slow.
Just wanted to say the same, plus: No other programming language has any specific config options in lighty, so I don't think we should add any. One could argue about somehow adding support for parameters, but that might have an impact on backward-compatibility.
So, I'd say, stay with the wrapper script.
Updated by hoffie almost 17 years ago
- Status changed from New to Fixed
- Resolution set to wontfix
Updated by gstrauss over 1 year ago ยท Edited
- Description updated (diff)
- Status changed from Wontfix to Fixed
- Target version deleted (
1.5.0) - ASK QUESTIONS IN Forums set to No
Set PERL5OPT=-T in the environment before starting lighttpd, or with mod_setenv setenv.set-environment
man perlrun
Also available in: Atom