perl-embperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gerald Richter" <>
Subject Re: Security issue
Date Tue, 09 Jul 2002 06:30:01 GMT
>/usr/local/public/virtualdomains/archangl/archangelqnet/cgi-bin/embperl/emb as input using PerlIO (909 >Bytes)...
>Ok, now, it was my impression that it would only read documents within
>the DOCUMENT_ROOT, and considering that the document root for this dom

No, it does the same transformation from the URL to the file as for every
other request. So when you have an Alias in your httpd.conf it will follow
it, as for a normal request.

This problem have come up some years ago and to avoid these security
problems we have add the EMBPERL_ALLOW directive. You say for example

Embperl_Allow "\.epl$"

and Embperl will only serve documents which has the extention .epl


P.S. In 1.3.4 you need the SetEnv before the EMBPERL_ALLOW

Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:         Voice:    +49 6133 925131
WWW:      Fax:      +49 6133 925152

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message