From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <serpiph@nikiet.ru>
From: Epiphanov Sergei <serpiph@nikiet.ru>
To: Sisyphus <sisyphus@altlinux.ru>
Subject: Re: [sisyphus] Re: Q: perl security, CPAN security
User-Agent: KMail/1.8.1
References: <20050626090644.GB31585@solemn.turbinal.org>
	<200506271455.45144.serpiph@nikiet.ru>
	<20050627112900.GL31585@solemn.turbinal.org>
In-Reply-To: <20050627112900.GL31585@solemn.turbinal.org>
MIME-Version: 1.0
Content-Disposition: inline
Date: Mon, 27 Jun 2005 16:11:00 +0400
Content-Type: text/plain;
  charset="koi8-r"
Message-Id: <200506271611.00693.serpiph@nikiet.ru>
Content-Transfer-Encoding: quoted-printable
X-BeenThere: sisyphus@altlinux.ru
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: ALT Linux Sisyphus discussion list <sisyphus@altlinux.ru>
List-Id: ALT Linux Sisyphus discussion list <sisyphus.altlinux.ru>
List-Unsubscribe: <https://lists.altlinux.ru/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@altlinux.ru?subject=unsubscribe>
List-Archive: <http://lists.altlinux.ru/pipermail/sisyphus>
List-Post: <mailto:sisyphus@altlinux.ru>
List-Help: <mailto:sisyphus-request@altlinux.ru?subject=help>
List-Subscribe: <https://lists.altlinux.ru/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@altlinux.ru?subject=subscribe>
X-List-Received-Date: Mon, 27 Jun 2005 12:09:26 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/200506271611.00693.serpiph@nikiet.ru/>
List-Archive: <http://lore.altlinux.org/sisyphus/>

=F7 =D3=CF=CF=C2=DD=C5=CE=C9=C9 =CF=D4 27 =E9=C0=CE=D8 2005 15:29 Alexey =
Tourbin =CE=C1=D0=C9=D3=C1=CC:
> On Mon, Jun 27, 2005 at 02:55:44PM +0400, Epiphanov Sergei wrote:
> =F7=D9 =D0=CF=CE=C9=CD=C1=C5=D4=C5, =DE=D4=CF =DC=D4=CF *=D4=CF=CC=D8=CB=
=CF =C4=CC=D1 =D2=D5=D4=C1* =D0=D2=C5=C4=CC=C1=C7=C1=C5=D4=D3=D1 =D3=C4=C5=
=CC=C1=D4=D8?
> =F5 =D7=C1=D3 apache =C9=D3=D0=CF=CC=CE=D1=C5=D4 =D0=C5=D2=CC=CF=D7=D9=CA=
 =CB=CF=C4 =D3 =D0=D2=C1=D7=C1=CD=C9 =D2=D5=D4=C1?
=FE=D4=CF =D6, =DA=C4=C5=D3=D8 =D0=CF=C7=CF=D2=D1=DE=C9=CC=D3=D1... =E8=CF=
=D4=D1 =C9=CE=CF=C7=C4=C1 =DA=C1=D0=D5=D3=CB=C1=C0. =E4=CC=D1 =D7=D9=D7=CF=
=C4=C1 =D3=D4=C1=D4=C9=DE=CE=CF=CA=20
=D4=C5=D3=D4=CF=D7=CF=CA =C9=CE=C6=CF=D2=CD=C1=C3=C9=C9.
> > > $ perl test.pl arg
> > > /usr/bin/=CB=CF=CD=C1=CE=C4=C1 'arg'
> > > $ perl test.pl arg\'\;rm\ -rf\ \'/
> > > /usr/bin/=CB=CF=CD=C1=CE=C4=C1 'arg';rm -rf '/'
> > > $
> >
> > =EE=CF =DC=D4=C9 =D6=C5 =CB=CF=CD=C1=CE=C4=D9 =F7=D9 =CE=C1=C2=C9=D2=C1=
=C5=D4=C5 =D3=C1=CD=C9! =F3=D4=C1=CC=CF =C2=D9=D4=D8, =CD=CF=D6=CE=CF =D0=
=D2=CF=D7=C5=D2=C9=D4=D8 =DE=D4=CF
> > =CE=C1=C2=C9=D2=C1=C5=D4=C5. =F0=CF=D7=D4=CF=D2=D1=C0: =C4=CC=D1 _=CC=
=C9=DE=CE=CF=C7=CF_ =D0=CF=CC=D8=DA=CF=D7=C1=CE=C9=D1. =F1 =D0=C9=DB=D5 =D0=
=CF=C4=CF=C2=CE=CF=C5 =C4=CC=D1
> > =CF=C2=D2=C1=C2=CF=D4=CB=C9 =F3=F7=EF=E9=E8 =C6=C1=CA=CC=CF=D7 =D7 =CB=
=C1=D4=C1=CC=CF=C7=C5, =D0=D2=C5=C4=D7=C1=D2=C9=D4=C5=CC=D8=CE=CF =D0=D2=CF=
=D3=CD=CF=D4=D2=C5=D7 =CE=C1=D0=C9=D3=C1=CE=C9=C5
> > =C9=C8 =C9=CD=A3=CE.
>
> =EF=C4=CE=C1=CB=CF =D6=C5 =D0=CF=CC=CE=CF=CD=CF=DE=C9=D1 =D2=D5=D4=C1 =D7=
=D9=C8=CF=C4=D1=D4 =DA=C1 =D0=D2=C5=C4=C5=CC=D9 =F3=F7=EF=E9=E8 =C6=C1=CA=
=CC=CF=D7 =D7 =CB=C1=D4=C1=CC=CF=C7=C5.
=FA=CE=C1=C0, =DE=D4=CF =D7=D9=C8=CF=C4=D1=D4. =EE=CF =C4=CC=D1 =DC=D4=CF=
=C7=CF =C9 =D3=D5=DD=C5=D3=D4=D7=D5=C5=D4 =C7=CF=CC=CF=D7=C1, =DE=D4=CF=C2=
=D9 =C5=CA =C4=D5=CD=C1=D4=D8, =C1 =CE=C5=20
=D4=CF=CC=D8=CB=CF =C5=D3=D4=D8. :)
> =F7 =D3=D5=DD=CE=CF=D3=D4=C9, =CE=C5=CB=CF=D4=CF=D2=D9=C5 =D0=D2=CF=C7=D2=
=C1=CD=CD=D9 =D0=D2=CF=D3=D4=CF =CF=D4=CB=C1=DA=D9=D7=C1=C0=D4=D3=D1 =DA=C1=
=D0=D5=D3=CB=C1=D4=D8=D3=D1 =CF=D4 =D2=D5=D4=C1.
> =EB=C1=D6=C5=D4=D3=D1, =D2=C1=CE=D8=DB=C5 perldoc =CE=C5 =DA=C1=D0=D5=D3=
=CB=C1=CC=D3=D1 =CF=D4 =D2=D5=D4=C1.  =F7 elinks'=C5 =C5=D3=D4=D8 =CF=D0=C3=
=C9=D1
> configure
>   --enable-no-root        enable prevention of usage by root
>
> =FA=C1=D0=D5=D3=CB=C1=D4=D8 =CE=C5=D4=D2=C9=D7=C9=C1=CC=D8=CE=D5=C0 =D0=
=D2=CF=C7=D2=C1=CD=CD=D5 =CF=D4 =D2=D5=D4=C1 -- =CE=C5=C2=C5=DA=CF=D0=C1=D3=
=CE=CF, =D0=D2=C9=CE=D5=C4=C9=D4=C5=CC=D8=CE=CF
> =DA=C1=D0=D2=C5=DD=C1=D4=D8 =C5=A3 =DA=C1=D0=D5=D3=CB=C1=D4=D8 -- =C7=CC=
=D5=D0=CF.  =F7 =D0=C5=D2=CC=C5 =C5=D3=D4=D8 =D2=C1=DA=D5=CD=CE=C1=D1 =C1=
=CC=D8=D4=C5=D2=CE=C1=D4=C9=D7=C1 --
> taint mode.
=E1=C7=C1, =C7=C1=CA=CB=C9 =DA=C1=CB=D2=D5=D4=C9=CC=C9 =D3 =CC=CF=CB=C1=CC=
=D8=C0 =D2=D5=D4=C1, =D0=D2=C9=DB=CC=CF=D3=D8 =C9=C8 =D3=CD=C1=DA=D9=D7=C1=
=D4=D8 =C9=DA-=DA=C1 =CE=CF=D7=CF=C7=CF mc.=20
=F4=C5=D0=C5=D2=D8 =CE=C5=CF=C2=C8=CF=C4=C9=CD=CF =C2=D5=C4=C5=D4 =D0=D2=CF=
=D7=C5=D2=D1=D4=D8 =D7=D3=C5 =D3=D7=CF=C9 =D0=D2=CF=C7=D2=C1=CD=CD=D9 =CE=
=C1 =D2=C1=C2=CF=D4=D5 =D7 =D2=C5=D6=C9=CD=C5=20
taint... =F0=D2=C1=D7=C4=C1, =C9=C8 =CF=DE=C5=CE=D8 =CD=C1=CC=CF.
> > =F5 =CD=C5=CE=D1 umask 077 =C4=CC=D1 =CE=C5-root. =F3=D4=C1=CC=CF =C2=
=D9=D4=D8, =D0=CF=D3=CC=C5 =F7=C1=DB=C5=CA =D5=D3=D4=C1=CE=CF=D7=CB=C9 =CE=
=C9=CB=D4=CF =CE=C5
> > =D0=CF=CC=D5=DE=C9=D4 =C4=CF=D3=D4=D5=D0 =CB =CD=CF=C4=D5=CC=D1=CD, =C5=
=D3=CC=C9 =D3=D0=C5=C3=C9=C1=CC=D8=CE=CF =CE=C5 =C4=A3=D2=C7=C1=D4=D8=D3=D1=