perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Perrin Harkins <>
Subject Re: mod_perl File Extension Configuration instead of a Path Configuration
Date Mon, 03 May 2004 16:48:18 GMT
On Mon, 2004-05-03 at 12:39, JupiterHost.Net wrote:
> IE: it would be just as dangerouse as running a regular perl or shell or 
> OTHER_LANGUAGE_HERE script in their home dir, correct?
> mod_perl scripts are run with the permissions of the user correct?
> IE if Apache its 'nobody' or otherwsie (getpwuid($>))[0]

No, when you run things with mod_perl, they run in the apache server
process.  They will always have the same permissions as the apache
server.  It is not safe to run untrusted scripts under mod_perl.  (There
is all kinds of hand-waving about using Safe or something, but the only
thing I would trust is an entirely separate server running as an
unprivileged user.)

More info on configuration options is available here:

If you want to just run .pl scripts under specific directories through
mod_perl, the docs there will tell you how (using a <FilesMatch>

- Perrin

Report problems:
Mail list info:
List etiquette:

View raw message