From owner-freebsd-questions Mon Mar 10 22:47:54 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C70F37B401 for ; Mon, 10 Mar 2003 22:47:52 -0800 (PST) Received: from mail1.nmu.edu (mail1.NMU.EDU [198.110.192.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C79D43F75 for ; Mon, 10 Mar 2003 22:47:51 -0800 (PST) (envelope-from plathrop@mqtweb.com) Received: from mqtweb.com (Minerva.resnet.nmu.edu [204.38.207.11]) by mail1.nmu.edu (8.12.8/8.12.8) with ESMTP id h2B6ln7P060428; Tue, 11 Mar 2003 01:47:49 -0500 (EST) Date: Tue, 11 Mar 2003 01:47:47 -0500 Subject: Re: your mail Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v551) Cc: freebsd-questions@freebsd.org To: Ryan Thompson From: Paul Lathrop In-Reply-To: <20030311002655.X34446-100000@ren.sasknow.com> Message-Id: <5E789B70-538D-11D7-9C72-000393BF3DE2@mqtweb.com> Content-Transfer-Encoding: 7bit X-Pgp-Agent: GPGMail (v25) X-Mailer: Apple Mail (2.551) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, March 11, 2003, at 01:36 AM, Ryan Thompson wrote: >> When one does not know Perl, one uses C programs, I suppose. They >> are real binaries, and can be suid. It works. > >> Just mind your security... > > :-) I'll second that. I'm just shuddering at the thought a production > server somewhere with a whole platoon of 10- or 20-line quickly hacked > and poorly maintained C programs, all suid root. Not saying that shell > scripts can't be quickly hacked or poorly maintained either, but at > least their correctness is typically a little easier to verify, and > you don't normally have to worry about unfortunate things like buffer > overflows. > > I'd also like to remind the original poster about the security risks > associated with suid binaries. There are many subtle ways in which > suid binaries can bite one in the ass... especially where other local > users are present. > Is just learning Perl an option here? Perl scripts aren't binaries - to my understanding at least. Will they also be denied by the OS? If Perl will solve the problem, I'll just learn it sooner than I had planned :-) Thanks for all your help! Paul D. Lathrop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+bYaWlos2supvBQwRAgxhAJwOvyqtUgrkdVc6AQ6LYNQAf11VDgCdGQbW aVPiBgV0+6AsQzzJf+kjUqM= =qXzM -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message