Re: Re: tainting system calls correctly


"be consistent"
	PerlMonks

Re: Re: tainting system calls correctly

by c (Hermit)

on Apr 10, 2002 at 17:18 UTC ( #158077=note: print w/replies, xml )

Need Help??

in reply to Re: tainting system calls correctly
in thread Untainting system calls correctly

Not really shell accounts. If you notice the shell is set to /bin/false. Plus the script is only available to clients that have signed off on a lengthy contract agreement. To boot, its available through a strictly ssl connection that requires user/pass authorization.

There are additional checks within the script to restrict touching UID less than 500, passing a group to a GID that is greater than 500.

I know that there are plenty of issues that still need to be addressed, but I was just curious to see exactly *why* i am seeing it fail in my current situation.

thanks -c

Comment on Re: Re: tainting system calls correctly

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://158077]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others examining the Monastery: (3)

As of 2023-06-01 15:39 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found

Notices^?