If you have time, please read the following article. If you use FormMail.cgi, then let me suggest that it's required reading.
http://www.newsbytes.com/news/02/174174.html

For beginning Perl/CGI programmers, this is good information to have. When I first started using CGIs, I used FormMail frequently, and I still have a few sites that employ a more feature-rich hack of the program called BFormMail.

It's not necessarily just the script that is the problem; it is also how it is installed. If you choose to use this freeware CGI rather than writing your own code, make sure you run it SUID (on UNIX/Linux systems). If that sounds intimidating, it's not. It's a relatively painless process:

1. Log on to your UNIX web hosting account with your secure shell. (You have SSH access, right?) :-)

2. Find the directory where you have the script (probably cgi-bin, although if you can run scripts in another directory, that may frustrate some newer crackers).

3. Change the permissions of the directory to SUID:

   chmod 4711 <dirname>

4. Change the permissions of the CGI script to SUID (from within the cgi directory):

   chmod 4711 FormMail.cgi

5. Change the shebang line (line 1) of your FormMail script:

   Old way: #!/usr/bin/perl
   New way: #!/usr/bin/perl -U

This tells your script that it will run the script as the authorized user, and any attempts to run it by an outside entity will be denied. Not due to any security built into the script, but rather the existing security mechanisms on *NIX.

-----
Scot Robnett
inSite Internet Solutions
Square West Center
454 West Jackson Street
Woodstock, IL 60098
(815)206-2907 office
(815)342-6480 mobile
[EMAIL PROTECTED]
http://www.insiteful.tv
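To check what steps 4 and 5 above leave on disk, the following added example (not part of the original message) reports, for every file in a CGI directory, whether the set-user-ID bit is set and which switches its perl shebang carries. The function name `audit_cgi` is hypothetical, and the directory to inspect is passed as the first argument.

```bash
#!/bin/bash
# Added example, not from the original post: inventory of setuid bits and
# perl shebang switches in a CGI directory. audit_cgi is a hypothetical name.
# Per perlrun, -T turns taint checks on and -U lets perl do unsafe operations,
# so the switch column is worth reviewing for every setuid script.

# audit_cgi DIR
# Prints one line per regular file:
#   <name> setuid=<yes|no> switches=<switch list|none|not-perl>
audit_cgi() {
    local dir=$1 f first suid switches
    for f in "$dir"/*; do
        [ -f "$f" ] || continue

        # test -u is true when the set-user-ID bit is set (the 4 in 4711)
        if [ -u "$f" ]; then suid=yes; else suid=no; fi

        # Only the first line of the file can be a shebang
        first=
        IFS= read -r first < "$f" || true

        case $first in
            '#!'*perl*)
                # Whatever follows the interpreter path is its switch list
                switches=$(printf '%s\n' "$first" |
                    sed -e 's/^#!.*perl[^ ]*//' -e 's/^ *//' -e 's/ *$//')
                [ -n "$switches" ] || switches=none
                ;;
            *)
                switches=not-perl
                ;;
        esac

        printf '%s setuid=%s switches=%s\n' "${f##*/}" "$suid" "$switches"
    done
}

# Run against a directory when one is given on the command line
if [ $# -gt 0 ]; then
    audit_cgi "$1"
fi
```
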