SourceFiles.org - Use the Source, Luke
$Id: README,v 1.4 2004/12/14 18:12:59 nangel Exp $

haserl (Html And Shell Embedded Runtime Language) is a CGI program that runs interpreted scripts. It combines three elements into a single CGI interpreter:

  1. It parses POST and GET requests, placing form elements as name=value pairs into the environment for the CGI script to use. It is similar to uncgi (http://www.midwinter.com/~koreth/uncgi.html) in this respect.
  2. It prints the contents of the script as HTML, and conditionally interprets text within <? ... ?> as shell script. In this case haserl scripts are like a poor-man's version of PHP (http://www.php.net).
  3. It is very small, and so can be used in embedded environments.

# SECURITY ADVISORY #######################################

As of version 0.6.0, haserl adds a variable prefix to all variables sent from the client. This defaults to US_, but can be set to anything with the --enable-variable-prefix= configure command.

If you want to use the old way of doing things, you must disable this feature with --disable-variable-prefix.
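
Why the prefix matters, as an added example (not haserl's code): the import_form function below is a simplified, hypothetical stand-in for the step that copies form fields into the environment, run over a constructed query string that is assumed to be already URL-decoded. With an empty prefix a client field named PATH replaces the script's PATH; with US_ it lands in US_PATH and PATH is untouched.

```shell
#!/bin/sh
# Illustration only: simplified stand-in for a CGI wrapper that copies client
# form fields into the environment. This is not haserl's implementation.

# Constructed sample input (assumed already URL-decoded).
SAMPLE_QUERY='name=alice&PATH=/tmp/untrusted'

# import_form QUERY PREFIX
# Exports every name=value pair in QUERY as PREFIX+name.
import_form() {
    query=$1
    prefix=$2
    old_ifs=$IFS
    IFS='&'
    set -f                          # no globbing while splitting on '&'
    for pair in $query; do
        case $pair in
            *=*) ;;                 # only accept name=value pairs
            *) continue ;;
        esac
        name=${pair%%=*}
        value=${pair#*=}
        # Skip names that are not plain shell identifiers.
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        export "$prefix$name=$value"
    done
    set +f
    IFS=$old_ifs
}

# path_after_import QUERY PREFIX
# Prints the PATH a script would see after the import. Runs in a subshell so
# the caller's own environment is never modified.
path_after_import() {
    ( import_form "$1" "$2"; printf '%s\n' "$PATH" )
}

echo "no prefix : PATH=$(path_after_import "$SAMPLE_QUERY" "")"
echo "US_ prefix: PATH=$(path_after_import "$SAMPLE_QUERY" US_)"
```

Scripts written for the prefixed build should read client input only from US_* variables and treat every unprefixed variable as server-controlled.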

--

As of version 0.7.0, haserl will attempt to set its uid/gid to the owner/group of the /script/ it is running. This is similar to Apache's suexec feature. Haserl must be installed suid root:root for this to work:

        # chown root:root haserl
        # chmod 6755 haserl

This may not work on non-Linux OSes (BSD, OS X, etc.).

! haserl is NOT installed suid root by default, you must do this yourself. !

--

As of version 0.7.0, haserl will REFUSE to accept file uploads to /tmp if a "u" does not appear on the script command line:

#!/usr/local/bin/haserl -u
#!/usr/local/bin/haserl uploads-ok
#!/usr/local/bin/haserl u

will all work, although the first case is preferred.
