-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Siddhartha Basu
Sent: Monday, February 21, 2005 8:34 PM
To: [email protected]
Subject: Re: [ilug-cal] Login expiration
Hi,
On Mon, 21 Feb 2005 10:36:53 +0530, Rajiv Lodha <[EMAIL PROTECTED]>
wrote:
> Hi,
>
> "Well, if you are careful to link your binary staticly"
>
> Programmers (or atleast me) are very lazy, just to avoid any package
> dependency,
Correct me if i wrong, the differences for staticaly linked binary as
is see are file size increase and choosing the appropiate linking
library during compile time. So, you could be lazy and produce
staticaly linked binaries. Moreover, static linking also gives you the
luxury of not documenting all of your dependency.
I wonder why linux kernel is provided as source and not as a statically
linked binary.
> i use the full install option in FC / RH . ;-)
>
> "Why is a shell script _always_ to be preferred over a binary"?
>
> Sorry, let me correct, not a "Shell Script", but any script ..
>
> Generally ... web masters or hosting providers dont allow us to
> use/execute binaries on there servers, so a lot of task needs to be
> ported on to "scripts" (Shell, perl, batch files, vbs etc) .
>
> Also, the content of a binary cannot be reviewed without executing,
> what if the loop goes forever, it will jst bring down the server etc.
> but with a script ... you can see the codes, if there are no logical
> errors, you can schedule them on your webservers.
I see your point. But lets examine another point of view. The entire
webserver is running on binaries and they are accepting it on the
basis of trust. I don't think they review each and every source code,
compile and execute thereafter. So,they might accept binaries
depending on the source. Moreover, there might be a situation which
demands binaries. The service provider could easily review your
source code and if satisfied just execute your makefile and they are
done.
There is a "little" difference between the binaries which the Apache or PHP
Group provides, or the binaries which a local guy (like me) provides.
>
> Also, for security reasons, what if the executable carries out some
> different job on your machine (shutdown -h now, reboot) ??
I don't think a properly configured and sercured web service provider
will give any user the privillege to execute such important system
command and others. Moreover, they also restrict your resource, the no
of background processes you could run at a time.
Ok shutdown -h now wont be allowed, but what about this - ?
1.
While(true)
{
fprintf(fFilePointer,"This is a rainy day");
}
or say
2.
main()
{
main();
}
Or this (WCS) -
3.
main()
{
//get the idea, syntax is wrong
typedef struct x objSt[500000];
for(i=1;i<500000;i++)
{
objSt[i] = malloc(sizeof(x) * 100);
}
}
Ok you can say, the administrator can kill those processes, but we all know
our network administrators :-)
There are lot of other dirty methods, that's why binaries are not accepted.
Also, if I have bought a webspace for hosting my website, why should I need
to do all these things, simply I wont,
but there is always a dirty "but" .....
Even Scripts can cause harm, but (again but), the web masters can review
these scripts, and so ... its not so dangerous.
-siddhartha
--
To unsubscribe, send mail to [EMAIL PROTECTED] with the body
"unsubscribe ilug-cal" and an empty subject line.
FAQ: http://www.ilug-cal.org/node.php?id=3
--
To unsubscribe, send mail to [EMAIL PROTECTED] with the body
"unsubscribe ilug-cal" and an empty subject line.
FAQ: http://www.ilug-cal.org/node.php?id=3
