On 16/12/2010 17:03, Bob Proulx wrote:
> I didn't say anything about quoting. The topic here was security
> vulnerabilities of an suid script. For example the classic race
> condition between stat'ing the #! interpreter and launching the
> privileged process on the file. If the system has that behavior then
> any #! interpreter (including non-interpreters such as 'ls') is
> vulnerable to an attack of slipping a different interpreter in at the
> last moment.

Sorry, I did not know about this race condition. This is more or less the type of problem I had in mind:

http://hea-www.harvard.edu/~fine/Tech/cgi-safe.html

The number of security recommendations on this page is impractical for any programmer but an expert one. This is just too complicated.

I see this as yet another demonstration that shell scripting is very good for interactive use and relatively small system administration tasks but does not scale beyond that. Actually, I doubt any language could do that. Safety and "scalability" are more often than not opposed to convenience. (OK: maybe Perl is just as bad)
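
A defender's audit for the suid-script case discussed in this thread, as an added example that is not part of either message: it lists regular files with the setuid or setgid bit whose first two bytes are `#!`, along with the interpreter line each would run. The function name `find_suid_scripts` is hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): report setuid/setgid files that are
# "#!" scripts, so they can be reviewed or replaced with a compiled wrapper.
# find_suid_scripts is a hypothetical helper name.
find_suid_scripts() {
    dir=${1:-/}
    # -xdev: stay on one filesystem.
    # -perm -4000 / -perm -2000: setuid or setgid bit set (portable form).
    # The inner sh receives file names as arguments, so names containing
    # spaces or newlines are handled correctly.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Read only the first two bytes; strip NULs so binary files
            # do not trigger shell warnings.
            magic=$(head -c 2 "$f" 2>/dev/null | tr -d "\000")
            [ "$magic" = "#!" ] || continue
            # Print the path and the interpreter line (text after "#!").
            printf "%s\t%s\n" "$f" "$(head -n 1 "$f" | cut -c3-)"
        done' sh {} + 2>/dev/null
}

# Usage: find_suid_scripts /usr/local
```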