Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Re: MD5 Cracker

by fenLisesi (Priest)
on Nov 16, 2006 at 10:53 UTC ( [id://584423]=note: print w/replies, xml ) Need Help??


in reply to MD5 Cracker

Could someone call this with a filename such as '> $INTERESTING_FILE'? Cheers.

Update: I see that I did not explain my point well at all ($INTERESTING_FILE is meant to be a shell var, for one). Let me put forth a worst case scenario: A crazed admin installs this utility setuid root and a user calls it with a string that will cause this utility to open the system password file in write mode. Typically, it would just be able to mess up the files on which the user already has write access, which is not a big problem. It is probably best, though, to always keep in mind the concentric-circles approach to security and use Taint, avoid the shell, etc. Also, Corion mentioned in the CB that a self-respecting developer would salt the data passed by the user, so even if the data were a dictionary word, this utility would not work.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://584423]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others scrutinizing the Monastery: (4)
As of 2024-03-19 07:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found