Configuration Problem Questions1. I have put getcomments.pl into place. Now when I try to execute it by submitting a form, I get an error like "Error 500 Internal error: execve() failed". What's going wrong?
2. After submitting I form to Getcomments, I get a message starting with "
3. After submitting I form to Getcomments, I get a message starting with "
4. <something> works when I try running getcomments.pl from the command line, but doesn't work when I do it from the form. Why is this?
Configuration Problem Answers1. It sounds like your server could not locate Perl. Here is what you do:
3. It sounds like your file permissions are wrong somewhere. The files that Getcomments changes need to be writable by whatever user/group your server runs as when accessing pages. So make sure your comment directory has the "x" bit set for the world (try "chmod +x <comment dir>") and your "count" file has the "w" bit set for the world (try "chmod +w count")
4. It sounds like your file permissions are wrong somewhere. Remember that the permissions need to be set for user/group your server runs as when accessing pages, or the world. The configuration "out of the box" should be correct.
Getcomments Possibilities Answers1. No. But I welcome any ports to non-Unix machines.
Miscellaneous Answers1. I answered:
As a researcher in computer security I would say there is reason to take note of the situation and it is good that you are interested. However you probably don't need to worry too much. If as is the default setup, the only thing in the publicly writable directory is the comments and the count of the number of comments, the degree of potential damage is limited. Possible bad happenings from the outside: 1) New files being added to the directory. The means by which to do this are limited presently, however theoretically possible. 2) Garbage added to the comments file. This can be done through legitimate means. After all, when you ask for comments, you invite people to append their text to your file. 3) Files being deleted in the directory. Similar to 1). If you are real concerned, make backups regularly. Threats from people who have accounts on your system or crackers that have broken into your system are more realistic as any of the 3 things above can easily be achieved. Unfortunately, under UNIX there really isn't anything that can be done.