Re: 980330: netCDFPerl and CGI security



Leonard,

>Date: Tue, 31 Mar 1998 08:48:28 -0700 (MST) 
>From: Leonard Sitongia <address@hidden>
>Organization: UCAR/NCAR/HAO
>To: address@hidden
>Subject: Re: 980330: netCDFPerl and CGI security 
>Keywords: 199803302218.PAA06829

In the above message, you wrote:

> |> Did you have anything in particular in mind?
> 
> Just the usual buffer overruns or other exploits which could be used
> to read/write system files.  That sort of thing.

Well, I can't guarantee that there aren't any buffer overrun problems --
but my programming style is to never get into a position where a buffer
overrun could occur (this is based on years of experience) so I'd be
very surprised if that could happen.

> There certainly
> is security built into the configuration of the web server, what files
> it can access, and what CGI scripts can do.  I suppose the biggest
> worry would be that a CGI could be made to rewrite the web server
> permissions configuration file.

I don't see how that could be done using NetCDFPerl.

--------
Steve Emmerson   <http://www.unidata.ucar.edu>