bug-bash

Re: cd with multiple arguments?


From: Marc Herbert
Subject: Re: cd with multiple arguments?
Date: Fri, 17 Dec 2010 09:47:00 +0000
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Thunderbird/3.1.7

On 16/12/2010 17:03, Bob Proulx wrote:
> I didn't say anything about quoting.  The topic here was security
> vulnerabilities of an suid script.  For example the classic race
> condition between stat'ing the #! interpreter and launching the
> privileged process on the file.  If the system has that behavior then
> any #! interpreter (including non-interpreters such as 'ls') is
> vulnerable to an attack of slipping a different interpreter in at the
> last moment.

Sorry I did not know about this race condition. This is more or less
the type of problems I had in mind:

 http://hea-www.harvard.edu/~fine/Tech/cgi-safe.html

The number of security recommendations on this page is impractical for
any programmer but an expert one. This is just too complicated. I see
this as yet another demonstration that shell scripting is very good
for interactive use and relatively small system administration tasks but
does not scale beyond that. Actually, I doubt any language could do
that. Safety and "scalability" are more often than not opposed to
convenience.

(OK: maybe Perl is just as bad)




