Date: Tue, 11 Mar 2003 00:36:45 -0600 (CST) From: Ryan Thompson <ryan@sasknow.com> To: DoubleF <doublef@tele-kom.ru> Cc: Paul Lathrop <plathrop@mqtweb.com>, <freebsd-questions@FreeBSD.ORG> Subject: Re: your mail Message-ID: <20030311002655.X34446-100000@ren.sasknow.com> In-Reply-To: <20030311061440.22593.qmail@mx.tele-kom.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
DoubleF wrote to Paul Lathrop: > Hi, > > > Thanks for your response. Now my question is - how does one > > automate tasks requiring root privileges? > > When one does not know Perl, one uses C programs, I suppose. They > are real binaries, and can be suid. It works. > Just mind your security... :-) I'll second that. I'm just shuddering at the thought a production server somewhere with a whole platoon of 10- or 20-line quickly hacked and poorly maintained C programs, all suid root. Not saying that shell scripts can't be quickly hacked or poorly maintained either, but at least their correctness is typically a little easier to verify, and you don't normally have to worry about unfortunate things like buffer overflows. I'd also like to remind the original poster about the security risks associated with suid binaries. There are many subtle ways in which suid binaries can bite one in the ass... especially where other local users are present. - Ryan -- Ryan Thompson <ryan@sasknow.com> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030311002655.X34446-100000>