Re: NT Security (PERL)

• To: Jason_Feilbach@byu.edu, www-security@ns2.Rutgers.edu
• Subject: Re: NT Security (PERL)
• From: Enrico Cantu <ecantu@uh.edu>
• Date: Sun, 19 May 1996 10:07:24 -0500
• In-Reply-To: <E4D9C773BD@rel1.byu.edu>

At 12:28 PM  +0000 5/17/96, Jason M. Feilbach wrote:
>I have recently read about the lack of security on Microsoft and
>Apple operating systems when using webserver software and have PERL
>services enabled. I cannot however, find any solution to the problem
>mentioned. Nor is their a workaround. The only solution is to disable
>(remove) PERL (perl.exe) which is not viable as these services are
>important. We have many NT (v3.51) servers running Netscape 1.13.
>
>The information is available on the bug at:
>http://www.perl.com/perl/news/latro-announce.htm

The problem is NOT perl, the problem is the way that perl has been
implemented on these machines.  A perl binary has no place in cgi-bin!  The
approprite configuration is to have the server launch the perl interpreter
on a request for foo.pl (where foo.pl is the plaintext script) much like a
UNIX-based httpd.  I don't speak NT, so I can't give specifics, but the
problem is neither perl nor Apple/NT.

Rico



--
Out the 10Base-T, off the bridge, round the token-ring, past the firewall,
 through the router, down the T1, over the leased line ... nothing but Net.
ecantu@uh.edu  http://www.bchs.uh.edu/~ecantu/  GC at chembb@menudo.uh.edu
 Department of Biochemical and Biophysical Sciences, University of Houston

• Re: NT Security (PERL)
• From: David Tauzell <tauzell@math.umn.edu>

• NT Security (PERL)
• From: "Jason M. Feilbach" <JMFEILBA@rel1.byu.edu>

• Previous: CGI Security Problem (fwd)
• Next: Re:Macintosh Web Server Issues
• Index(es):
  • Index
  • Thread