On Wed, Sep 25, 2002 at 10:23:28AM +0700, Hengky wrote:
> i've already using a pop3 like Net::POP3 or even create a open port to
> listen.

Net::POP3 is for connecting to a POP3 daemon, and "create a open port"
sounds like you're trying to write a POP3 daemon.  Which is it, are you the
client, or the server?

 
> but my script is on the pop3 server so if i have to login to myself it
> useless.

Connecting to a POP3 daemon on the same machine is perfectly valid, and will
work just fine.  I'm not sure why you're saying it's useless.

 
> if i have to install setuid it's dangerous or not... ?

It depends on your OS.

 
> one of my friend say if i install setuid and setgid it's dangerous.
> can somebody tell me where the dangerous is...?

Elevating your privileges can be dangerous to the system if not done right. 
It can provide an avenue for attackers to gain access to resources they
should not have access to.  Frankly, if you have to ask if it's dangerous,
then it's dangerous, and you shouldn't be attempting to deal with it until
you're more knowledgeable about it.  There are many resources available to
you to become knowledgeable, including perldoc perlsec, a Google search on
'secure programming', and I'm sure various books (though I can't name any,
perhaps others on the list would be able to provide some names).  This is by
no means an exhaustive list.  Read as much as you can so you can be aware of
as many of the issues as possible.

 
> because Michael says the only way is using the setuid to change to the
> equivalent user.
> if the setuid is dangerous anything else that i can read the file with
> permission depend on the login user

I'm not really sure what you're asking here.  Are you asking if there are
alternatives?

It seems you might have confused the two issues I was discussing in my last
email; setuid bits on files, and the setuid() system call.  They are two
different things.  The only way to set your uid to that of another user is
with the setuid() system call, and the only user that can make that call is
root.

The setuid bits on a file are simply the method a program gains privileges
different from that of the user that executed the program.  For example,
that is how you are able to su to root; the /bin/su program has a setuid bit
on it, and the owner of the program is root, so when you run the program,
the OS changes the program's uid from yours to root.


Michael
--
Administrator                      www.shoebox.net
Programmer, System Administrator   www.gallanttech.com
--
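
The distinction drawn in the message above, between setuid bits on a file and the setuid() system call, shown as an added Perl example that is not part of the original email. The function names `describe_setid_bits` and `drop_privileges` and the USER command-line argument are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);    # S_ISUID, S_ISGID
use POSIX qw(setuid setgid getuid geteuid getgid getegid);

# The setuid/setgid *bits* live in the file's mode. Together with the file's
# owner and group they decide which identity the OS gives the program at exec.
sub describe_setid_bits {
    my ($path) = @_;
    my @st = stat($path) or return "$path: cannot stat: $!";
    my ($mode, $uid, $gid) = @st[2, 4, 5];
    my $owner = getpwuid($uid) // $uid;
    my $group = getgrgid($gid) // $gid;
    my @bits;
    push @bits, "setuid, runs as user $owner"  if $mode & S_ISUID;
    push @bits, "setgid, runs as group $group" if $mode & S_ISGID;
    return sprintf "%s: mode %04o (%s)", $path, $mode & 07777,
        @bits ? join("; ", @bits) : "no setuid/setgid bits";
}

# The setuid() *system call* changes the identity of a running process.
# Starting as root, switch permanently to $user (hypothetical account name
# supplied by the caller): groups first, uid last, then verify the result.
sub drop_privileges {
    my ($user) = @_;
    my @pw = getpwnam($user) or die "unknown user '$user'\n";
    my ($uid, $gid) = @pw[2, 3];
    die "refusing to drop to uid 0\n" if $uid == 0;
    $) = "$gid $gid";    # effective gid, and supplementary groups reset to it
    setgid($gid) or die "setgid($gid) failed: $!\n";
    setuid($uid) or die "setuid($uid) failed: $!\n";
    die "privilege drop incomplete\n"
        unless getuid() == $uid && geteuid() == $uid
            && getgid() == $gid && getegid() == $gid;
    die "root can still be regained\n" if setuid(0);
    return 1;
}

unless (caller) {
    my ($user, @files) = @ARGV;
    die "usage: $0 USER [FILE...]\n" unless defined $user;
    print describe_setid_bits($_), "\n" for ('/bin/su', @files);
    printf "before: real uid %d, effective uid %d\n", $<, $>;
    if ($> == 0) { drop_privileges($user) }
    else { print "not root: setuid() to another user would be refused\n" }
    printf "after:  real uid %d, effective uid %d\n", $<, $>;
}
```

Run as an ordinary user, it only reports the mode bits and the current uids; run as root, it switches to USER, and the final check dies if root could still be regained.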
