Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: tainting system calls correctly

by Zaxo (Archbishop)
on Apr 10, 2002 at 16:39 UTC ( [id://158066]=note: print w/replies, xml ) Need Help??


in reply to Untainting system calls correctly

As a security measure, I think taint is a little beside the point if you are handing out shell accounts via a web form.

Please say you have some layers of approval, authorization and authentication above this! :)

After Compline,
Zaxo

Replies are listed 'Best First'.
Re: Re: tainting system calls correctly
by c (Hermit) on Apr 10, 2002 at 17:18 UTC
    Not really shell accounts. If you notice the shell is set to /bin/false. Plus the script is only available to clients that have signed off on a lengthy contract agreement. To boot, its available through a strictly ssl connection that requires user/pass authorization.

    There are additional checks within the script to restrict touching UID less than 500, passing a group to a GID that is greater than 500.

    I know that there are plenty of issues that still need to be addressed, but I was just curious to see exactly *why* i am seeing it fail in my current situation.

    thanks -c

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://158066]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (4)
As of 2024-03-28 23:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found