No,
ikegami, I believe I didn't either go "way beyond making observations", nor "falsely claim the actions were a result of using tainting" - all I did was to attempt to help the poster by giving the benefit of my industrial experience.
In this case, the, admittedly not entirely exhaustive (project time pressures prevailed on us) investigations into problems we were experiencing revolved around the following...
- Remove tainting - perl ran the script
- Change the permissions on the called binarys' containing directory - perl ran the script
- Copy the called binary from the 'open' directory to a more 'restrictive' directory and change to call to an absolute, from a relative, call - once again, perl ran the script
Ergo, we concluded, tainting must be checking permissions of the containing directory. The
setuid thing is a red herring, since, in our case, the binary was merely an e-mail client called indirectly from a CGI script.
A user level that continues to overstate my experience :-))
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.