[webmasters] latest upgrades

BigBiz Internet Services (info@bigbiz.com)
Mon, 12 Jan 1998 12:31:52 -0800

> 
> We just upgraded perl and the webserver.  Read on if you write CGI
> scripts.
> 
> Perl has been upgraded from 5.003 to 5.004, we have noticed that 5.004
> does a much better job of tainted variable checking (read the perl
> manual on Tainted Data), and may cause a poorly written script to
> exit early.  Check your error log files for messages that look like
> "Insecure..." or "Insecurity...".  If this is the case you may want to
> check your scripts and untaint the variables it is complaining about
> or use the -U flag in your script (this is not a good idea since perl
> is telling you there is a loophole in your script which some 
> unscrupulous person can gain access to your account).
> 
> Please e-mail us if you have a problem with a perl script as a result
> of this upgrade that you have difficulty fixing.
> 
> We found a security hole in the webserver which allowed scripts to
> have group permissions on some server configuration files.  None of
> these files were writeable and there were no secret data there.  The
> problem has been fixed.  The hole only pertained to server administrator
> files, not users files, so your data is safe.
>