[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 980330: netCDFPerl and CGI security
- Subject: Re: 980330: netCDFPerl and CGI security
- Date: Tue, 31 Mar 1998 08:55:53 -0700
Leonard,
>Date: Tue, 31 Mar 1998 08:48:28 -0700 (MST)
>From: Leonard Sitongia <address@hidden>
>Organization: UCAR/NCAR/HAO
>To: address@hidden
>Subject: Re: 980330: netCDFPerl and CGI security
>Keywords: 199803302218.PAA06829
In the above message, you wrote:
> |> Did you have anything in particular in mind?
>
> Just the usual buffer overruns or other exploits which could be used
> to read/write system files. That sort of thing.
Well, I can't guarantee that there aren't any buffer overrun problems --
but my programming style is to never get into a position where a buffer
overrun could occur (this is based on years of experience) so I'd be
very surprised if that could happen.
> There certainly
> is security built into the configuration of the web server, what files
> it can access, and what CGI scripts can do. I suppose the biggest
> worry would be that a CGI could be made to rewrite the web server
> permissions configuration file.
I don't see how that could be done using NetCDFPerl.
--------
Steve Emmerson <http://www.unidata.ucar.edu>