FP & FreeBSD Revisited...

Bob Stockler bob at trebor.iglou.com
Wed Jan 5 16:25:01 PST 2005


On Wed, Jan 05, 2005 at 03:37:44PM -0600, Chad McWilliams wrote:
[snip]
| P.S. To me the way the SYSTEM command behaves under *bsd is a security
| risk.  If a user were to somehow get to a shell prompt while "SYSTEMed"
| out, they would be able to do anything the filepro user would be able
| to, including deleting the filepro files.  This is in stark contrast to
| the way SYSTEM behaves under SCO.  I'm sure most of you realize this,
| but I thought I would mention it for those it wasn't obvious to.

On SCO Xenix and UNIX the programs executed by the filePro
SYSTEM command have always been executed by /bin/sh, which
has executed them with the EUID of the user "filepro".

It's on systems where /bin/sh refuses to execute them with
the EUID, but insists on executing them with the UID of the
real user, that problems arise.

There is no security risk with filePro SYSTEM commands being
executed EUID the user "filepro" - unless those administering
the system allow just anyone to have full access to the
filePro creation programs . . . in which case any further
security is meaningless.

Bob

-- 
Bob Stockler - bob at trebor.iglou.com
Author: MENU EDIT II - The BEST Creator/Editor/Manager for filePro User Menus.
Fully functional (time-limited) demos available by email request (specify OS).
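The exchange above turns on whether a child /bin/sh keeps the effective uid of a setuid "filepro" binary or falls back to the real user. The program below is an added example, not code from the post or from filePro: it detects a split real/effective identity, and it shows the conservative way to hand a SYSTEM-style command to a shell, by dropping all three ids to the real user first, so the child has exactly the caller's rights whatever the shell's own policy is. All function names are mine; it assumes a Linux or FreeBSD host with setresuid/setresgid.

```c
/* Added example (not from the mailing-list post or filePro).
 * Assumes Linux or FreeBSD: setresuid/setresgid are available. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* 1 if the effective uid/gid differ from the real ones, i.e. the binary was
 * started setuid/setgid. bash, for instance, resets euid to the real uid in
 * this state unless started with -p; other shells keep it. */
int identity_is_split(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Give up the effective identity permanently: real, effective and saved ids
 * all become the real user's. Returns 0 on success, -1 otherwise.
 * Groups are dropped first; once the uid is gone we may lack the right to
 * change the gid. The final check guards against a silently failed drop. */
int drop_to_real_user(void) {
    gid_t rgid = getgid();
    uid_t ruid = getuid();
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    if (setresuid(ruid, ruid, ruid) != 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

/* Run `cmd` through /bin/sh -c as the real user, the way Chad's note would
 * have a SYSTEM command behave. Returns the child's exit status, or -1 if
 * fork/wait failed or the child died by signal. */
int run_system_command(const char *cmd) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_to_real_user() != 0) _exit(127);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                     /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("uid=%u euid=%u gid=%u egid=%u split=%d\n",
           (unsigned)getuid(), (unsigned)geteuid(),
           (unsigned)getgid(), (unsigned)getegid(), identity_is_split());
    /* `id` printed by the child should show the real user only. */
    int rc = run_system_command("id");
    printf("child exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

When the binary is not setuid, the drop is a no-op and the child simply reports the invoking user; installed setuid to "filepro", the child reports the invoker rather than "filepro", which is the behaviour Bob describes BSD shells imposing on their own. The check inside drop_to_real_user() is the part worth keeping in any such wrapper: a privilege drop that fails quietly leaves the shell with the very access Chad is warning about.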

