From owner-freebsd-questions Mon Feb 19 18:51:34 2001 Delivered-To: freebsd-questions@freebsd.org Received: from topperwein.dyndns.org (acs-24-154-28-34.zoominternet.net [24.154.28.34]) by hub.freebsd.org (Postfix) with ESMTP id 0A32937B401 for ; Mon, 19 Feb 2001 18:51:29 -0800 (PST) Received: from topperwein.dyndns.org (topperwein.dyndns.org [192.168.168.10]) by topperwein.dyndns.org (8.11.1/8.11.1) with ESMTP id f1K2qjc92924 for ; Mon, 19 Feb 2001 21:52:45 -0500 (EST) (envelope-from behanna@zbzoom.net) Date: Mon, 19 Feb 2001 21:52:45 -0500 (EST) From: Chris BeHanna Reply-To: To: Subject: Re: perl In-Reply-To: <3A76E225.A40C8A3@eCoNeed.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 30 Jan 2001, Pater Pandoson wrote: > Cliff Sarginson wrote: > > Who says that uses have access to a partition capable of executing > binaries? > And if there is a "security cop-out" I will gladly take it. Both of these measures are, IMHO, security policies promulgated by someone who doesn't know very much about security. Yes, you'll prevent someone from doing something malicious (with Perl), but you'll also have a *far* less useful system than you otherwise would have. Your ill-informed hack won't stop someone from doing, e.g., /bin/sh my_malicious_shell_script with which they could do not one more bit of damage than they could with Perl. With your boogey-man approach to security, you're going to have to chmod/chgrp *far* more than just Perl to prevent your users from running their own scripts or from accessing the system in potentially exploitable ways. -- Chris BeHanna Software Engineer (Remove "bogus" before responding.) behanna@bogus.zbzoom.net I was raised by a pack of wild corn dogs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message