On 4/30/06, Andrew Lentvorski <[EMAIL PROTECTED]> wrote:
> James G. Sack (jim) wrote:
>
> > 2) but if a script is (say) o+x and (eg, for security) you wish the
> > script NOT to execute anything other than the known program at the known
> > absolute path, then you probably should hard code the path appropriate
> > for that host.
>
> No.  For security, you should encode *no* path.
>
> Paths can be faked; shared libraries can be corrupted; etc.
>
> I can use LD_LIBRARY_PATH to replace the standard system path utilities
> and trick you into believing that the path is correct.
>
> The concepts of "security", "script" and "user" are fundamentally
> incompatible.
>
> This is why the admonition "No setuid scripts" exists.

I think you have leaped to the conclusion that the mention of
"security" in the same paragraph with "shell script" implies a setuid
script.  I don't see that either mentioned or implied.

   carl
--
   carl lowenstein         marine physical lab     u.c. san diego
                                                [EMAIL PROTECTED]


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list