On Thu, 22 Jun 2023 15:07:19 -0500 Derek Martin <[email protected]> wrote:
> 1. As I indicated in the other message, if the program is intended to > run exclusively in the security context of the user running it, and > does not at any point require elevated privileges (which needs to > be evaluated carefully), then using /usr/bin/env is PROBABLY fine, > particularly if you wrote it and know what it does. You list three "ifs" around using env. Explicit path to /usr/bin/perl or whatever has zero "ifs". I leave it to the reader to decide which is more reliable and secure, and preferable for their environments. > BUT: the onus is on the user running the perl script to make sure I correct myself: four "ifs". -- \m/ (--) \m/ _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
