> I made a script that shows /var/log/messages* when you
> press submit.  But!!! It doesn't come out to the last
> when the file size is larger than a few MB.
>
> ... [SNIP] ...
> 
> if ( $q->param( "show" ) ) {
>       open( LOG, $q->param( "check" ) );
>       @log = <LOG>;
>       close( LOG );
> }

Err... /var/log/messages can be big, and putting the whole
lot into @log is going to take some time.

Secondly, you are allowing the user to open whatever file
they please.  A user could put something like "rm -fr /*"
into the "check" parameter, then your script will kindly
execute that command as part of the open.  I assume this is
for internal use only, but if you care about
/var/log/messages you might care about the security issues
too.  Add the taint mode switch (-T) to the #! line.

> foreach ( @list = sort( </var/log/messages*> ) ) {
>       $labels{ $_ } = $_;
> }

Is /var/log/messages* a file or a group of files?  From the
context of the problem I assume it's a list of files.  I
should read up on that :)

> [SNIP]

Using CGI scripts for system administration might be the
thing of the day, but perhaps an NFS read-only export of
/var/log/ might be more appropriate - then you can use the
various tools already written for surfing these huge files.

Even if you tackle the issue of the script being secure,
the general availability of /var/log/messages to anyone is a
security risk.  This file documents failure of parts of the
system software, and a cracker may use it to exploit any
security holes that may occur when this happens.

In summary... take care and have a good day :)

Jonathan Paton
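
An added example, not part of the original message or the poster's script: a hardened form of the quoted "show" handler that combines the -T switch with a server-side allowlist, a three-argument open and line-by-line output. It assumes CGI.pm is installed and reuses the "show" and "check" parameter names from the quoted code; the error messages are made up for the illustration. Taint mode refuses a piped open on tainted data but still permits opening a tainted name for reading, which is why the allowlist check is there as well.

```perl
#!/usr/bin/perl -T
# Added example: hardened form of the quoted "show" handler.
use strict;
use warnings;
use CGI;

my $q = CGI->new;

# Allowlist built on the server side: only files matching this glob can ever
# be opened, whatever the "check" parameter contains.
my %allowed = map { $_ => 1 } glob('/var/log/messages*');

print $q->header( -type => 'text/plain', -charset => 'utf-8' );

if ( $q->param('show') ) {
    my $check = $q->param('check');    # scalar context: one value only

    # Exact-match lookup; any value that is not one of the globbed names
    # is rejected before it gets near open().
    unless ( defined $check && $allowed{$check} ) {
        print "Unknown log file.\n";
        exit 0;
    }

    # Three-argument open: the value is only ever treated as a file name, so
    # characters such as "|" or ">" in it have no special meaning.
    open( my $log, '<', $check ) or do {
        print "Cannot open log file.\n";
        exit 0;
    };

    # Stream line by line instead of slurping a multi-MB file into @log.
    while ( my $line = <$log> ) {
        print $line;
    }
    close($log);
}
```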
