in reply to setuid - insecure dependancy with backticked cmd?

What makes you believe the script is setuid? The umask is not affecting that at all. Your script is running in taint mode and your command and environment have not been properly de-tainted. Check out perlsec for details.

-derby
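The de-tainting that perlsec describes, for a command that would otherwise be run with backticks, as an added example that is not code from this thread. The `wc` command, the `/var/tmp` directory and the allow-list pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Added example: run with "perl -T" or as an executable script.
use strict;
use warnings;

# Taint mode refuses to run external commands while PATH or the
# shell-influencing variables still hold inherited (tainted) values.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by capture: only a regex capture group yields clean data.
# The pattern is an allow-list (assumed here: plain file names that do
# not start with "." or "-"); reject bad input instead of repairing it.
sub untaint_filename {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ m{\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z};
    return;
}

my $raw  = shift @ARGV;              # command-line arguments are tainted
my $name = untaint_filename($raw);
die "refusing unsafe file name\n" unless defined $name;

# List-form pipe open runs the program directly, with no shell to
# interpret metacharacters; the output is read as backticks would return it.
open(my $fh, '-|', '/usr/bin/wc', '-l', '--', "/var/tmp/$name")
    or die "cannot run wc: $!\n";
my $output = do { local $/; <$fh> };
close($fh) or die "wc failed (status $?)\n";

print $output;
```

Removing the `$ENV{PATH}` assignment reproduces an "Insecure $ENV{PATH}" failure even though the command path is absolute, and passing `$raw` straight to `open` reproduces the "Insecure dependency" error.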

Re^2: setuid - insecure dependancy with backticked cmd?
by EvanK (Chaplain) on Apr 22, 2006 at 20:14 UTC
    I assumed the script is setuid because it's giving a setuid error. I didn't realize it was running in taint mode!
     
    I'm not familiar with this runtime enviro, the previous sysadmin left on...less than friendly terms, so I'm having to pick up the pieces, heh. Thanks!

    __________
    Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.
    - Terry Pratchett

      Oops ... so sorry ... I missed the whole setuid portion of that error message. Really doesn't matter though, the problem is with tainted data being used.

      -derby
        Yep, you're right on. I untainted some vars with a regex and it's blazing along! ++, and thanks for the help! Also thanks to thor
