Tom McKellips wrote:
Yes I have tried that and still nothing works. This is a CGI script and setuid also using setuidperl -T and the directory is 777. This is the line out of the script I am working with that is coausing me such a headache.The -T is turning on "taint" mode and I believe it may be the source of your problems. Have you read?
The print statement corrctly show what directory is to be created as displayed on my browser.
print "<p>$rootdir/$FORM{'signup_username'}\n";
mkdir("$rootdir/$FORM{'signup_username'}",0777)
BUt then the script dies on the mkdir statment. I tried printing the $! after the or die but I get no further than this line. If change the varable to an actual name such as /home/tom then it works just fine and continues to execute the script.
perldoc perlsec
Because your input is coming from "outside" of the script (aka user input) then Perl thinks that the hash (%FORM) is "tainted" and it will not allow you to execute something like a mkdir until that value is untainted, aka you have to convince Perl that you have sufficiently checked it and nothing bad can come of it executing the mkdir. What was the message from the 'die'?? It should be available in the server's error logs. If you don't have access to the log then try the more wordy construct of:
if (! (mkdir("$rootdir/$FORM{'signup_username'}",0777)) {
# print header if it hasn't been already
print "Error: $!";
exit;
}
I would think this should still work even with taint on since that is the reason why mkdir is dieing.
Assuming of course that I am right, which is hard to say...
http://danconia.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
