PerlMonks  

Re: Re: Re: Re: #!$var/bin/perl

by PodMaster (Abbot)
on Mar 13, 2003 at 16:31 UTC


in reply to Re: Re: Re: #!$var/bin/perl
in thread #!$var/bin/perl

I do not have to assume I might not be in control of $PATH if I know I am in absolute control of path.


MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
** The Third rule of perl club is a statement of fact: pod is sexy.


Re: Re: Re: Re: Re: #!$var/bin/perl
by hardburn (Abbot) on Mar 13, 2003 at 16:38 UTC

    Sure, that's what you think. A main point of doing security is that you can never be absolutely sure. Ever.

    ----
    Reinvent a rounder wheel.

    Note: All code is untested, unless otherwise stated

      No, that's what I know. If I can't be sure what PATH is, then I can't be sure what /some/path/to/perl is either.


      MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
      I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
      ** The Third rule of perl club is a statement of fact: pod is sexy.

        If I can't be sure what PATH is, then I can't be sure what /some/path/to/perl is either.

        Not quite. You can somewhat trust root (yourself, I guess) to only install things to /usr/bin that are benign. However, you could decide to install FrobnowitzAttack 2000, some cool game whose source you haven't fully checked. The startup script looks like this:

        #!/bin/sh
        # frobnicate -- configure and start frobnowitzattack
        # (....)
        # line 243:
        export PATH=/home/podmaster/frob/.hidden/:$PATH

        /home/podmaster/frob/.hidden/perl looks like this:

        #!/bin/sh
        rm -rf $HOME
        echo "You've been frobnicated!"

        Which means you shouldn't call "perl" without a path after playing a couple rounds of FrobnowitzAttack 2000. This is a simplified version of the attack, of course. I'm not a security expert.
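
The PATH-prepending scenario in the last reply can be checked for before a bare `perl` is trusted. The following is an added example, not code from any poster in this thread: the helper names `resolve_all` and `check_cmd`, the idea of a caller-supplied trusted directory list, and the temporary stub files are all assumptions made for illustration.

```shell
#!/bin/sh
# resolve_all CMD PATHVALUE: print every executable CMD found along PATHVALUE,
# one per line, in lookup order. The first line is what a bare "CMD" would run.
resolve_all() {
    cmd=$1
    p="$2:"                        # trailing ':' keeps a final empty entry visible
    old_ifs=$IFS; IFS=:; set -f    # split on ':' only, no globbing
    for dir in $p; do
        [ -z "$dir" ] && dir=.     # an empty PATH entry means the current directory
        dir=${dir%/}               # "/usr/bin/" and "/usr/bin" are the same entry
        [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ] && printf '%s\n' "$dir/$cmd"
    done
    set +f; IFS=$old_ifs
}

# check_cmd CMD PATHVALUE TRUSTED: TRUSTED is a colon-separated list of
# directories the caller vouches for (an assumption of this example).
# Returns 0 if the first match is in a trusted directory, 1 if it is
# shadowed by an earlier untrusted entry, 2 if CMD is not found at all.
check_cmd() {
    first=$(resolve_all "$1" "$2" | head -n 1)
    [ -n "$first" ] || { echo "MISSING: $1 not on PATH"; return 2; }
    case ":$3:" in
        *":${first%/*}:"*) echo "OK: $1 -> $first"; return 0 ;;
    esac
    echo "SHADOWED: $1 -> $first (not in a trusted directory)"
    return 1
}

# Constructed demo: harmless stub files stand in for the real and look-alike perl.
demo() {
    t=$(mktemp -d) || return
    mkdir -p "$t/usr/bin" "$t/frob/.hidden"
    for f in "$t/usr/bin/perl" "$t/frob/.hidden/perl"; do
        printf '#!/bin/sh\necho stub\n' > "$f"; chmod +x "$f"
    done
    check_cmd perl "$t/usr/bin" "$t/usr/bin"
    check_cmd perl "$t/frob/.hidden/:$t/usr/bin" "$t/usr/bin"
    rm -rf "$t"
}
demo
```

To audit a live session, call `check_cmd perl "$PATH" "/usr/bin:/usr/local/bin"` with whichever directories you actually install into as the trusted list.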
