At 09:19 AM 9/15/00 -0400, Chaim Frenkel wrote: > >>>>> "JH" == Jarkko Hietaniemi <[EMAIL PROTECTED]> writes: > > >> (Someone remind me, What is the point of -T if not running setuid?) >JH> Being paranoid is never a bad idea because They are always out to get you. > >That's fine, but tell me what security breach can be caused by not having >a -T? Any time the code being executed isn't being run as the person asking for its execution you can have problems. Think daemons in perl, or client-server code. (Like CGI programs, or mailing-list managers) Jobs run automagically by privileged users (and arguably not automagically) can be targets. Think odd filenames in /tmp and cron jobs owned by root. Dan --------------------------------------"it's like this"------------------- Dan Sugalski even samurai [EMAIL PROTECTED] have teddy bears and even teddy bears get drunk
- RFC 227 (v1) Extend the window to turn on taint mode Perl6 RFC Librarian
- Re: RFC 227 (v1) Extend the window to turn on tai... Chaim Frenkel
- Re: RFC 227 (v1) Extend the window to turn on... Jarkko Hietaniemi
- Re: RFC 227 (v1) Extend the window to tur... Chaim Frenkel
- Re: RFC 227 (v1) Extend the window to... Jarkko Hietaniemi
- Re: RFC 227 (v1) Extend the wind... Chaim Frenkel
- Re: RFC 227 (v1) Extend the window to... Dan Sugalski
- Re: RFC 227 (v1) Extend the wind... Chaim Frenkel
- Re: RFC 227 (v1) Extend the ... Dan Sugalski
- Re: RFC 227 (v1) Extend ... Chaim Frenkel
- Re: RFC 227 (v1) Extend ... Adam Turoff
- Re: RFC 227 (v1) Extend the window to turn on... Sam Tregar
- Re: RFC 227 (v1) Extend the window to turn on... Adam Turoff
- Re: RFC 227 (v1) Extend the window to tur... Chaim Frenkel
- Re: RFC 227 (v1) Extend the window to tur... Dan Sugalski
- Re: RFC 227 (v1) Extend the window to... Adam Turoff
- Re: RFC 227 (v1) Extend the wind... Dan Sugalski