On Wed, Apr 4, 2007 14:32, Mike Cossaboon <[EMAIL PROTECTED]> wrote:
I am running Tomcat 5.5.17 on Solaris 10 with Perl 5.8.4 installed. I start my perl cgis with:

#!/usr/bin/perl -T

The -T is for Taint mode which I do to make the cgis more secure. With a -T option, the web page is displayed with no text from my print statements. If I remove the -T the perl cgis work fine. I would like to keep the -T option. Is there a way to configure Tomcat to accept Taint mode perl cgis?

The problem is almost certainly not with Tomcat. What is likely happening is that the Perl interpreter is exiting with a fatal error when the CGI you are trying to run tries to do something insecure. (This error would usually be sent to your CGI's STDERR filehandle as plain text.) The solution is to either rewrite the insecure code in the CGI to make it secure, or to tell Perl that it is OK for the code to perform potentially insecure operations by *not* running the CGI in Taint mode.

The essential point to keep in mind is this: -T does not make your CGIs more secure, it just terminates your CGI if it tries to do any of the bad things that "-T" checks for.

For more information, see http://perldoc.perl.org/perlsec.html

               Mark Montague
               ITCS Web/Database Production Team
               The University of Michigan
               [EMAIL PROTECTED]
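
The failure and fix described in the reply above, as an added example that is not part of the original thread: a taint-mode CGI that first triggers the fatal "Insecure dependency" error (caught so it reaches the page instead of only STDERR) and then untaints the value with an allow-list pattern. The `user` parameter and the `/tmp/taint-demo-*.log` path are hypothetical.

```perl
#!/usr/bin/perl -T
# Added example (constructed); not code from the thread.
# Run as a CGI, or from a shell: QUERY_STRING='user=alice' perl -T demo.cgi
use strict;
use warnings;

$| = 1;    # unbuffered, so the header is sent before any later fatal error
print "Content-Type: text/plain\r\n\r\n";

# Everything in %ENV is tainted under -T. If QUERY_STRING is unset, fall back
# to a constructed sample, tainted by appending zero bytes of tainted $^X.
my $query = defined $ENV{QUERY_STRING}
    ? $ENV{QUERY_STRING}
    : 'user=alice' . substr($^X, 0, 0);

# split() keeps taint on its results (a regex capture would launder it).
my %param;
for my $pair (split /[&;]/, $query) {
    my ($k, $v) = split /=/, $pair, 2;
    $param{$k} = defined $v ? $v : '' if defined $k;
}
my $raw = defined $param{user} ? $param{user} : '';

# Append a line to a file named after $name (hypothetical path under /tmp).
sub append_note {
    my ($name) = @_;
    open(my $fh, '>>', "/tmp/taint-demo-$name.log") or die "open: $!\n";
    print {$fh} scalar(localtime), " visit\n";
    close($fh) or die "close: $!\n";
    return 1;
}

# 1. Tainted data in a file-modifying call is fatal. Without this eval the
#    script would stop here with the message on STDERR only.
if (!eval { append_note($raw) }) {
    print "fatal error caught: $@";
}

# 2. Validate against a strict pattern; only the capture $1 is untainted.
if ($raw =~ /\A([a-z][a-z0-9_]{0,31})\z/) {
    my $user = $1;
    append_note($user);
    print "logged visit for $user\n";
} else {
    print "invalid user parameter\n";
}
```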


