perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Perrin Harkins <per...@elem.com>
Subject Re: mod_perl File Extension Configuration instead of a Path Configuration
Date Mon, 03 May 2004 16:48:18 GMT
On Mon, 2004-05-03 at 12:39, JupiterHost.Net wrote:
> IE: it would be just as dangerouse as running a regular perl or shell or 
> OTHER_LANGUAGE_HERE script in their home dir, correct?
[...]
> mod_perl scripts are run with the permissions of the user correct?
> IE if Apache its 'nobody' or otherwsie (getpwuid($>))[0]

No, when you run things with mod_perl, they run in the apache server
process.  They will always have the same permissions as the apache
server.  It is not safe to run untrusted scripts under mod_perl.  (There
is all kinds of hand-waving about using Safe or something, but the only
thing I would trust is an entirely separate server running as an
unprivileged user.)

More info on configuration options is available here:
http://perl.apache.org/docs/1.0/guide/config.html

If you want to just run .pl scripts under specific directories through
mod_perl, the docs there will tell you how (using a <FilesMatch>
directive).

- Perrin


-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html


Mime
View raw message