You need to read up on tainted variables, I think.

perldoc perlsec

The problem isn't that it is a CGI; pretty sure the problem is that it is setuid.

http://danconia.org

------------------------------------------------
On Tue, 10 Dec 2002 07:20:16 -0800 (PST), Admin-Stress <[EMAIL PROTECTED]> wrote:

> I got this error :
> 
> [error] [client 10.0.0.88] Insecure $ENV{PATH} while running setuid at
> /var/www/cgi-bin/ifcfg_rh80.pl line 60., referer: 
> http://10.0.0.50/cgi-bin/editconfig.pl
> 
> And line 60 of ifcfg_rh80.pl is :
> 
>    system("/sbin/ifdown $device");
>    sleep 2;
>    system("/sbin/ifup $device");
> 
> I chmoded +s both editconfig.pl and ifcfg_rh80.pl.
> 
> And I installed suid-perl ...
> 
> Anything else that I can do? I made a cgi to change server ip address.
> 
> Thanks.
> 
> 
> -- 
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
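
An added example, not part of either message in this thread: one way to satisfy the taint checks that perlsec describes for the ifdown/ifup calls quoted above. The fixed PATH value, the interface-name pattern, the `--apply` flag and the helper names are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Under setuid, Perl enables taint mode and refuses to run external commands
# while PATH (and a few other shell-affecting variables) come from the caller.
# Set a fixed PATH and drop the others, as perlsec recommends.
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';   # assumed directory list
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by capturing with an anchored allow-list regex; only the captured
# group ($1) is considered clean. The pattern (eth0, eth1:2, ...) is an
# assumption; adjust it to the interface names the host really has.
sub untaint_device {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A(eth[0-9]{1,2}(?::[0-9]{1,2})?)\z/ ? "$1" : undef;
}

# List-form system() passes arguments directly to the program, so no shell
# ever parses the device name.
sub run_cmd {
    my @cmd = @_;
    system(@cmd) == 0 or die "@cmd failed (status $?)\n";
    return 1;
}

sub restart_interface {
    my ($device) = @_;
    run_cmd('/sbin/ifdown', $device);
    sleep 2;
    return run_cmd('/sbin/ifup', $device);
}

# Dry run by default; pass --apply as the first argument to really restart.
my $apply = (@ARGV && $ARGV[0] eq '--apply') ? shift @ARGV : 0;

# Constructed sample inputs, used when no device names are given.
my @inputs = @ARGV ? @ARGV : ('eth0', 'eth1:2', 'eth0;id', '');
for my $raw (@inputs) {
    my $device = untaint_device($raw);
    if (!defined $device) {
        print "rejected: '$raw'\n";
        next;
    }
    print "accepted: $device\n";
    restart_interface($device) if $apply;
}
```

Run it as `perl -T script.pl` or execute the file directly; on many Perl versions a `-T` that appears only on the `#!` line is refused when the script is started as `perl script.pl`.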