in reply to Obfuscation and viruses

I notice that a few people have mentioned that untrusted programs should be run as another user such as "nobody". This neglects the fact that many people don't have the ability to do this, unless they happen to be UNIX or Linux sysadmins. I'll admit that I am one, but most of the Perl programmers I know at work are not.

Besides, are you sure that there isn't any area on your hard drive that the user "nobody" has write access to? If your server has a lot of users, you can bet that they are making some of their files world-writable. My users do, quite often.

The bottom line is that a program from an untrusted source (or a trusted source that has been hacked) has a potential for danger on most servers. So beware...

buckaduck

Replies are listed 'Best First'.
Re (tilly) 2: Obfuscation and viruses
by tilly (Archbishop) on Jun 18, 2001 at 23:07 UTC
    Indeed merlyn has an example that works on many forms of Unix which allows "nobody" to take down a machine using the fact that /tmp is world writeable and there is a regular cron run as root that assumes filenames don't include returns.
[reply]

In Section Meditations