'Re:'x7," Question of safe data passing..."

This is where we came in, isn't it?

How's about having a db table of all the permitted scripts and methods to retrieve this data and amend it?

--

Brother Frankus.

Comment on 'Re:'x7," Question of safe data passing..."

Replies are listed 'Best First'.
Re: 'Re:'x7," Question of safe data passing..." by suaveant (Parson) on Apr 27, 2001 at 17:58 UTC
There is no way that I have been able to find to definatetly tell which script on the system is being run... no official way to tell /usr/bin/cat from /home/ant/cat... - Ant	[reply]
(tye)Re: Question of safe data passing... by tye (Sage) on Apr 27, 2001 at 20:23 UTC
That is why I was thinking of a set-UID script/program that does nothing but get the secured password, run your script, and pass the password to it over a pipe. You aren't going to get security without set-UID as that is really the only way to stop the current user from being able to do exactly what you do in order to find the password. But you can isolate the set-UID to just a separate script/program that does nothing but what I outlined and is very careful including removing any privileges before it runs the specified script (which is specified in the same secured location as the DBI password). - tye (but my friends call me "Tye")	[reply]
Re: (tye)Re: Question of safe data passing... by suaveant (Parson) on Apr 27, 2001 at 21:38 UTC
Yes, that's about what I've concluded from this thread... I had thought of that as a possible option... basically write a C wrapper that calls setuid in the middle does its important stuff like opening a file, then drops back to normal mode and runs a system call, passing the data through a pipe seems proper, though I'm not sure how to do that, I'm sure I can figured it out with enough headbanging, (C was the main language in school, but I don't use it much anymore :) anymore). - Ant	[reply]
(tye)Re2: Question of safe data passing... by tye (Sage) on Apr 28, 2001 at 00:17 UTC