PerlMonks
Re: Re: Re: Re: Re: #!$var/bin/perl

by hardburn (Abbot)
on Mar 13, 2003 at 16:38 UTC


in reply to Re: Re: Re: Re: #!$var/bin/perl
in thread #!$var/bin/perl

Sure, that's what you think. A main point of doing security is that you can never be absolutely sure. Ever.

----
Reinvent a rounder wheel.

Note: All code is untested, unless otherwise stated


Re: Re: Re: Re: Re: Re: #!$var/bin/perl
by PodMaster (Abbot) on Mar 13, 2003 at 16:45 UTC
    No, that's what I know. If I can't be sure what PATH is, then I can't be sure what /some/path/to/perl is either.


    MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
    I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
    ** The Third rule of perl club is a statement of fact: pod is sexy.

      If I can't be sure what PATH is, then I can't be sure what /some/path/to/perl is either.

      Not quite. You can somewhat trust root (yourself, I guess) to only install things to /usr/bin that are benign. However, you could decide to install FrobnowitzAttack 2000, some cool game whose source you haven't fully checked. The startup script looks like this:

      #!/bin/sh
      # frobnicate -- configure and start frobnowitzattack
      # (....)
      # line 243:
      export PATH=/home/podmaster/frob/.hidden/:$PATH

      /home/podmaster/frob/.hidden/perl looks like this:

      #!/bin/sh
      rm -rf $HOME
      echo "You've been frobnicated!"

      Which means you shouldn't call "perl" without a path after playing a couple rounds of FrobnowitzAttack 2000. This is a simplified version of the attack, of course. I'm not a security expert.

        That might be true, if I didn't sanitize the path before attempting to invoke a perl program every time.


        MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
        I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
        ** The Third rule of perl club is a statement of fact: pod is sexy.
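One way to do the PATH sanitizing PodMaster mentions before resolving perl, as an added example that is not code from this thread: it keeps only absolute, existing directories that are not group- or world-writable, and looks for perl in that list alone. The directory names in the demonstration input are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): build a PATH you can vouch for before
# resolving "perl", instead of trusting whatever the caller's environment
# carried in. Keeps only absolute directories that exist and are neither
# group- nor world-writable; "", "." and relative entries are dropped.
# Portable POSIX sh; directory modes are read from ls -ld (no GNU stat).

sanitize_path() {
    # $1: candidate PATH (colon-separated). Prints the sanitized PATH.
    _out=''
    _oldifs=$IFS
    IFS=:
    for _d in $1; do
        case "$_d" in
            /*) ;;          # absolute entry: candidate
            *) continue ;;  # "", "." and relative dirs: dropped
        esac
        [ -d "$_d" ] || continue
        # ls -ld prints e.g. "drwxrwxrwt ..."; char 6 is the group write
        # bit, char 9 the other write bit. Either means a "perl" can be
        # planted in front of the real one, as in the frobnicate script.
        _mode=$(ls -ld "$_d" | cut -c1-10)
        case "$_mode" in
            ?????w*|????????w*) continue ;;
        esac
        _out="${_out:+$_out:}$_d"
    done
    IFS=$_oldifs
    printf '%s\n' "$_out"
}

trusted_perl() {
    # $1: candidate PATH. Prints the first executable "perl" found in the
    # sanitized PATH, or prints nothing and returns 1.
    _clean=$(sanitize_path "$1")
    _oldifs=$IFS
    IFS=:
    for _d in $_clean; do
        if [ -f "$_d/perl" ] && [ -x "$_d/perl" ]; then
            IFS=$_oldifs
            printf '%s\n' "$_d/perl"
            return 0
        fi
    done
    IFS=$_oldifs
    return 1
}

# Constructed demonstration input: the thread's hidden directory in front,
# plus ".", an empty entry and a relative entry, ahead of the system dirs.
demo='/home/podmaster/frob/.hidden/:.::relative/bin:/usr/bin:/bin'
printf 'sanitized PATH: %s\n' "$(sanitize_path "$demo")"
printf 'perl resolved to: %s\n' "$(trusted_perl "$demo" || echo none)"
```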
