Hi all,

A few weeks ago, I asked a few things about securing code that makes shell calls with "system". The replies were very helpful! I just have two shorter (I think :-) ) questions.

I'm thinking of using taint, but I have one question which would help me understand things better:
Except for changes to the ENV variables like PATH, tainting just adds more checking. So, if I have two web servers A and B, if A is a test server and B is a "live" server, then if I write code with tainting on A, test it, and ensure everything works with no errors...I can then move it to another server as B *without* taint enabled, and I would have got most of the important benefits of tainting.

Is this statement true? Then, in a way, it's like compiling a C program and turning on the debugging flag during development, but removing it when you are distributing the executable to someone?

The reason why I'm asking is because I'm the root user of A, but not of B...so I have more control over A and can play and test things.

Thank you!

Ray

_______________________________________________
Mason-users mailing list
https://lists.sourceforge.net/lists/listinfo/mason-users
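An added illustration of the question above, not part of the original message: a Perl script that can be run with and without `-T` to show that taint checks fire at run time on each value as it reaches `system`, while allow-list untainting code behaves the same in both modes. The file name `taint_demo.pl`, the helper `clean_filename`, and the sample inputs are constructed for this example, and `/bin/echo` is assumed to exist.

```perl
# Added example, not from the original message. Run it twice:
#   perl -T taint_demo.pl   (taint mode on, like server A)
#   perl taint_demo.pl      (taint mode off, like server B)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run commands until the environment is trusted.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by capturing from a strict allow-list; undef means "rejected".
sub clean_filename {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

# Constructed inputs standing in for request parameters. Appending a
# zero-length slice of $^X (tainted under -T) marks them as external data.
my $mark   = substr($^X, 0, 0);
my @inputs = map { $_ . $mark } ('report.txt', 'report.txt; echo injected');

printf "taint mode: %s\n", ${^TAINT} ? 'on' : 'off';

for my $raw (@inputs) {
    printf "\ninput %-28s tainted=%d\n", "'$raw'", tainted($raw) ? 1 : 0;

    # 1. Unvalidated value passed to system: the check fires only at run
    #    time, only under -T, and only when this line is actually reached.
    my $ok = eval { system('/bin/echo', 'raw:', $raw); 1 };
    print "  blocked: $@" unless $ok;

    # 2. Validated value: this code protects with or without -T.
    my $name = clean_filename($raw);
    if (defined $name) {
        system('/bin/echo', 'clean:', $name);
    } else {
        print "  rejected by allow-list\n";
    }
}
```

Under `-T` both raw calls die with an "Insecure dependency" error caught by `eval`; without `-T` both raw calls go through, and only the allow-list path still rejects the second input.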

