in reply to Re: Re: File::Find considered hard?
in thread File::Find considered hard?

now I can be rox0rzing all over your systems by creating a file
No, you won't be able to.

Abigail

Replies are listed 'Best First'.
Re: Re: File::Find considered hard?
by Anonymous Monk on Mar 15, 2004 at 04:40 UTC

    A fine perpetuation of ignorance.

    Perhaps if you're going to bother to post, you could actually explain why that doesn't cause any problems.

    It's rather sad to see perlmonks dwindle down to nothing more than "do this" / "no that's bad" / "no it's not" / "yes it is."

    I'll be on my way now.

      Actually, Abigail-II was just stating that s/he is not ignorant. If anyone wants to know why such a hack will not work, they could set up such an environment themselves and do some testing. I'm wondering if you know the definition of the word 'ignorance', as your use of the term in relation to Abigail-II (in this specific situation) is not valid. Unless you can prove that Abigail-II is wrong of course.
        Well, I was actually making a *shudder* joke. No, something as simple as injecting /etc/shadow into someone's list of files is not exactly tantamount to a root vulnerability. (But you should fear if someone injects etcshadow into your code.)

        However, depending on what you were planning to do with that list of files, it might have been a Bad Thing to have /etc/shadow injected into it... particularly if this script were being run as root.

        In case you haven't noticed... using find with -print (which is the default command for find) is one of my pet-peeves.

        Use -print0 or -exec.

        Use -print0 or -exec!

        Use -print0 or -exec!!!

        example code:

        my @files; { local $/="\0"; chomp (@files = `find . -print0`); }

        How hard was that? Now you have shut me down. You are l33t, and I am suX0rz.

        ------------ :Wq Not an editor command: Wq
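
The parsing difference this exchange is about, as an added example (not code from any poster in this thread): a file name containing a newline is read back three ways, and each resulting list is checked against the disk. The file names are constructed, and a find that supports -print0 (GNU or BSD) is assumed.

```perl
use strict;
use warnings;
use File::Find;
use File::Temp qw(tempdir);

# Constructed sample tree: one ordinary name, one containing a newline.
my $dir = tempdir(CLEANUP => 1);
for my $name ("plain.txt", "report\nphantom.txt") {
    open my $fh, '>', "$dir/$name" or die "create: $!";
    close $fh;
}

# Run find(1) without a shell and split its output on the given separator.
sub run_find {
    my ($sep, @args) = @_;
    open my $out, '-|', 'find', $dir, '-type', 'f', @args or die "find: $!";
    local $/ = $sep;
    chomp(my @names = <$out>);
    close $out;
    return @names;
}

# 1. Newline-delimited: the separator can also occur inside a name.
my @by_line = run_find("\n", '-print');
# 2. NUL-delimited: "\0" cannot occur in a path, so records are unambiguous.
my @by_nul = run_find("\0", '-print0');
# 3. File::Find: names never pass through a text stream at all.
my @by_module;
find({ no_chdir => 1, wanted => sub { push @by_module, $_ if -f $_ } }, $dir);

# Count entries that do not name a real file.
for my $case (['-print', \@by_line], ['-print0', \@by_nul], ['File::Find', \@by_module]) {
    my ($label, $list) = @$case;
    my $bogus = grep { !-e $_ } @$list;
    printf "%-10s %d entries, %d not on disk\n", $label, scalar @$list, $bogus;
}
```

Only the -print row reports entries that are not on disk, because the one real name was split into two records that match no file.
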
      A fine perpetuation of ignorance.
      Really? etcshadow was claiming he could create a file on my system. The only way to do that is to break in - if he can do that, problems with find are the least of my worries.

      Abigail

        I'm glad that you trust all of your users.

        Many sysadmins can't. For an extreme example, any sysadmin at a university.

        Would you recommend your technique for them?