Subject: Re: NT4 security updates
From: "Geo."

"Randall Parker" wrote in message news:3fa9a1fd$1{at}w3.nls.net...
> Why would shared source files for the scripts be a compromise if they
> are all read-only for us users? If we are each running in our own
> personal process context (which I assume is the case) then where does
> the vulnerability come in?

Let's say I set up a website for you on the server, what user context does a
Perl script from your website run in? IUSER, right? With that permission
level you now have access to every other website on the server, so you can
get into areas you have no business getting into (like the adult website
hosted next to you). You also have the capability to use server bandwidth
and CPU for something other than serving web pages. For example you could
easily write a ping flooder or a web spider using Perl and then you've got
a DS3 worth of bandwidth to play with.

Geo.
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
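
The isolation problem described in the reply above can be checked mechanically. The following is an added example, not part of the original thread: a small audit over a simplified, allow-only ACL model that reports which hosted sites' scripts can read another site's document root. All site, account and group names (`alpha`, `beta`, `IUSR_SHARED`, `anon_alpha`, `anon_beta`, `WebAnon`) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Site:
    name: str
    script_identity: str        # account this site's CGI scripts run as
    docroot_readers: frozenset  # principals granted read on the docroot

def effective_principals(account, group_members):
    """Account name plus every group it belongs to (allow-only model)."""
    groups = {g for g, members in group_members.items() if account in members}
    return {account, "Everyone"} | groups

def cross_site_reads(sites, group_members):
    """Return sorted (reader_site, exposed_site) pairs where a script from
    reader_site can read exposed_site's docroot."""
    findings = []
    for reader in sites:
        who = effective_principals(reader.script_identity, group_members)
        for target in sites:
            if target.name != reader.name and who & target.docroot_readers:
                findings.append((reader.name, target.name))
    return sorted(findings)

# Constructed sample data (hypothetical names, not from the thread).
GROUPS = {"WebAnon": {"IUSR_SHARED", "anon_alpha", "anon_beta"}}

# Every site's scripts run as one shared anonymous account.
SHARED = [
    Site("alpha", "IUSR_SHARED", frozenset({"IUSR_SHARED", "Administrators"})),
    Site("beta", "IUSR_SHARED", frozenset({"IUSR_SHARED", "Administrators"})),
]

# One account per site, and each docroot grants only its own account.
ISOLATED = [
    Site("alpha", "anon_alpha", frozenset({"anon_alpha", "Administrators"})),
    Site("beta", "anon_beta", frozenset({"anon_beta", "Administrators"})),
]

# Per-site accounts, but beta's docroot still grants a group both share.
LEAKY = [ISOLATED[0],
         Site("beta", "anon_beta", frozenset({"WebAnon", "Administrators"}))]

if __name__ == "__main__":
    for label, cfg in (("shared", SHARED), ("isolated", ISOLATED), ("leaky", LEAKY)):
        print(label, cross_site_reads(cfg, GROUPS))
```

The third configuration shows that separate accounts alone are not enough: a docroot ACL that grants a common group leaves the same cross-site read path open.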