in reply to Re: tainting system calls correctly
in thread Untainting system calls correctly
Not really shell accounts. If you notice the shell is set to /bin/false. Plus the script is only available to clients that have signed off on a lengthy contract agreement. To boot, its available through a strictly ssl connection that requires user/pass authorization.
There are additional checks within the script to restrict touching UID less than 500, passing a group to a GID that is greater than 500.
I know that there are plenty of issues that still need to be addressed, but I was just curious to see exactly *why* i am seeing it fail in my current situation.
thanks -c
|
---|
In Section
Seekers of Perl Wisdom