On Tue, Apr 11, 2023 at 02:31:10PM -0500, Paul Gilmartin wrote: > On Tue, 11 Apr 2023 20:06:02 +0100, Colin Paice wrote:
> Do you trust the supplier? Even if it runs on a non-privileged ID, it can > do any harm that users can do to themselves. Would you run a script > that I supplied without a thorough audit? a. Would you run the script? b. Would you allow anyone on your system to run the script from any environmen they had access to with any input they could dream up? c. Would you allow anyone on the Internet to run the script with any input they could dream up? Different questions... ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
