FP & FreeBSD Revisited...
Chad McWilliams
chad at computiprint.com
Thu Jan 6 06:30:00 PST 2005
> -----Original Message-----
> From: filepro-list-bounces at lists.celestial.com
> [mailto:filepro-list-bounces at lists.celestial.com] On Behalf
> Of Fairlight
> Sent: Wednesday, January 05, 2005 5:40 PM
> To: 'filePro List'
> Subject: Re: FP & FreeBSD Revisited...
>
>
> > P.S. To me the way the SYSTEM command behaves under *bsd is a security
> > risk. If a user were to somehow get to a shell prompt while
> > "SYSTEMed" out, they would be able to do anything the filepro user
> > would be able to, including deleting the filepro files. This is in
> > stark contrast to the way SYSTEM behaves under SCO. I'm sure most of
> > you realize this, but I thought I would mention it for those it wasn't
> > obvious to.
>
> I beg to differ. I realise no such thing, as it's not
> technically accurate.
>
> On SCO 5.0.6, fP 5.0.7D4:
>
> @once::system "vi /tmp/blipper":
> ::end:
>
> $ ls -l /tmp/blipper
> -rw------- 1 filepro group 5 Jan 5 18:33 /tmp/blipper
>
> You're dead wrong. It's -always- worked this way on SCO.
> The only difference I've ever seen is on linux with bash2,
> where bash drops EUID by default, and you're stuck as the
> normal user.
>
> SCO has had SYSTEM commands running as the SUID user since
> time immemorial. Well, for my part I can remember it back to 3.2.4.0.
>
You are correct, and I apologize. I never actually tried it on SCO to see.
Of course if I would have thought about it for 2 seconds, I would have
realized it. It was just my quick thinking getting in the way since running
fp from within the "systemed" shell acted differently.
-Chad McWilliams