On Sun, 2002-06-02 at 02:25, Borsenkow Andrej wrote:
It is not an issue because bash ignores inherited IFS. And I actually
fail to see how you can do su from malicious terminal unless you _are_
the malicious person ... in which case if you can do su you can do
everything.
Scenario: systems
Liam R. E. Quin wrote:
the security stuff is to
do with unquoted shell variables
Can you explain, or give me a pointer to a relevent faq/document? I
found the
NCSA Secure Programming Guidelines, and it mentions the IFS thing, but
nothing about quoted vs unquoted variables. It also fails
÷ ÷ÓË, 02.06.2002, × 10:49, Doug McClendon ÎÁÐÉÓÁÌ:
Liam R. E. Quin wrote:
the security stuff is to
do with unquoted shell variables
Can you explain, or give me a pointer to a relevent faq/document? I
found the
NCSA Secure Programming Guidelines, and it mentions the IFS thing,
I was reading through the init scripts functions file and
noticed some very minor speedups, a bug fix, and some
relatively obscure security holes - possibly they should go
back to the mantainers, but I think they may be Mandrake-specific.
Speeding up these scripts seems desireable... the