Feature #1685
closedperl taint check
Description
To get Perl's taint mode working with mod_cgi, we have to use something like
cgi.assign = (".pl" => ""), what can be dangerous in some cases. Something like Apaches
"PerlTaintCheck On"-Option for lighttpd would be nice.
Updated by Anonymous almost 15 years ago
echo "#!/bin/sh\nexec perl -T $@" > /usr/sbin/perl-taint-cgi
chmod a+rx /usr/sbin/perl-taint-cgi
cgi.assign = ( ".pl" => "/usr/sbin/perl-taint-cgi" )
back in the good old days people had been creative themself.
Updated by hoffie almost 15 years ago
/me was too slow.
Just wanted to say the same, plus: No other programming language has any specific config options in lighty, so I don't think we should add any. One could argue about somehow adding support for parameters, but that might have an impact on backward-compatibility.
So, I'd say, stay with the wrapper script.
Updated by hoffie almost 15 years ago
- Status changed from New to Fixed
- Resolution set to wontfix
Also available in: Atom