Date: Tue, 11 Mar 2003 01:47:47 -0500
From: Paul Lathrop <plathrop@mqtweb.com>
To: Ryan Thompson <ryan@sasknow.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: your mail
Message-ID: <5E789B70-538D-11D7-9C72-000393BF3DE2@mqtweb.com>
In-Reply-To: <20030311002655.X34446-100000@ren.sasknow.com>

On Tuesday, March 11, 2003, at 01:36 AM, Ryan Thompson wrote:

>> When one does not know Perl, one uses C programs, I suppose. They
>> are real binaries, and can be suid. It works.
>
>> Just mind your security...
>
> :-) I'll second that. I'm just shuddering at the thought of a production
> server somewhere with a whole platoon of 10- or 20-line quickly hacked
> and poorly maintained C programs, all suid root. Not saying that shell
> scripts can't be quickly hacked or poorly maintained either, but at
> least their correctness is typically a little easier to verify, and
> you don't normally have to worry about unfortunate things like buffer
> overflows.
>
> I'd also like to remind the original poster about the security risks
> associated with suid binaries. There are many subtle ways in which
> suid binaries can bite one in the ass... especially where other local
> users are present.
>

Is just learning Perl an option here? Perl scripts aren't binaries - to
my understanding at least. Will they also be denied by the OS? If Perl
will solve the problem, I'll just learn it sooner than I had planned :-)

Thanks for all your help!

Paul D. Lathrop