PerlMonks  

Re: Re: Re: Re: #!$var/bin/perl

by PodMaster (Abbot)
on Mar 13, 2003 at 16:31 UTC ( #242740=note )


in reply to Re: Re: Re: #!$var/bin/perl
in thread #!$var/bin/perl

I do not have to assume I might not be in control of $PATH if I know I am in absolute control of path.


MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
** The Third rule of perl club is a statement of fact: pod is sexy.


Re: Re: Re: Re: Re: #!$var/bin/perl
by hardburn (Abbot) on Mar 13, 2003 at 16:38 UTC

    Sure, that's what you think. A main point of doing security is that you can never be absolutely sure. Ever.

    ----
    Reinvent a rounder wheel.

    Note: All code is untested, unless otherwise stated

      No, that's what I know. If I can't be sure what PATH is, then I can't be sure what /some/path/to/perl is either.


      MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
      I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
      ** The Third rule of perl club is a statement of fact: pod is sexy.

        If I can't be sure what PATH is, then I can't be sure what /some/path/to/perl is either.

        Not quite. You can somewhat trust root (yourself, I guess) to only install things to /usr/bin that are benign. However, you could decide to install FrobnowitzAttack 2000, some cool game whose source you haven't fully checked. The startup script looks like this:

            #!/bin/sh
            # frobnicate -- configure and start frobnowitzattack
            # (....)
            # line 243:
            export PATH=/home/podmaster/frob/.hidden/:$PATH

        /home/podmaster/frob/.hidden/perl looks like this:

            #!/bin/sh
            rm -rf $HOME
            echo "You've been frobnicated!"

        Which means you shouldn't call "perl" without a path after playing a couple rounds of FrobnowitzAttack 2000. This is a simplified version of the attack, of course. I'm not a security expert.
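
A defensive check for the PATH shadowing described in the last reply, added here as an example and not part of the original thread: it reports which file a bare `perl` resolves to on a given PATH and whether that directory is on an allow-list. The function names and the temporary sandbox directories are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: where does a bare command name resolve on a given PATH,
# and is that directory on an allow-list? All function names are hypothetical.

# resolve_on_path CMD PATHSTRING: print the first executable match, else fail.
resolve_on_path() {
    cmd=$1; old_ifs=$IFS
    IFS=:; set -f                      # split on ':' without globbing
    for dir in $2; do
        [ -n "$dir" ] || dir=.         # empty PATH entry means current directory
        dir=${dir%/}                   # ignore a trailing slash
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            IFS=$old_ifs; set +f
            printf '%s\n' "$dir/$cmd"; return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# is_trusted_dir DIR LIST: succeed if DIR is in the colon-separated LIST.
is_trusted_dir() {
    case ":$2:" in *":$1:"*) return 0 ;; *) return 1 ;; esac
}

# check_command CMD PATHSTRING LIST: print OK, SHADOWED or MISSING.
check_command() {
    hit=$(resolve_on_path "$1" "$2") || { printf 'MISSING %s\n' "$1"; return 2; }
    if is_trusted_dir "${hit%/*}" "$3"; then
        printf 'OK %s\n' "$hit"
    else
        printf 'SHADOWED %s\n' "$hit"; return 1
    fi
}

# Constructed sandbox standing in for /usr/bin and the game's hidden directory.
demo() {
    box=$(mktemp -d) || return 1
    mkdir -p "$box/usr/bin" "$box/frob/.hidden"
    for f in "$box/usr/bin/perl" "$box/frob/.hidden/perl"; do
        printf '#!/bin/sh\nexit 0\n' > "$f"; chmod +x "$f"
    done
    check_command perl "$box/usr/bin" "$box/usr/bin"                         # clean PATH
    check_command perl "$box/frob/.hidden/:$box/usr/bin" "$box/usr/bin" || : # after the export
    rm -rf "$box"
}

demo
```

In real use, pass "$PATH" and the directories you actually trust, for example `check_command perl "$PATH" /usr/bin:/usr/local/bin`, before invoking `perl` without a full path.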
