FP & FreeBSD Revisited...

Chad McWilliams chad at computiprint.com
Thu Jan 6 06:30:00 PST 2005



> -----Original Message-----
> From: filepro-list-bounces at lists.celestial.com 
> [mailto:filepro-list-bounces at lists.celestial.com] On Behalf 
> Of Fairlight
> Sent: Wednesday, January 05, 2005 5:40 PM
> To: 'filePro List'
> Subject: Re: FP & FreeBSD Revisited...
> 
> 
> > P.S. To me the way the SYSTEM command behaves under *bsd is a security
> > risk.  If a user were to somehow get to a shell prompt while
> > "SYSTEMed" out, they would be able to do anything the filepro user
> > would be able to, including deleting the filepro files.  This is in
> > stark contrast to the way SYSTEM behaves under SCO.  I'm sure most of
> > you realize this, but I thought I would mention it for those it wasn't
> > obvious to.
> 
> I beg to differ.  I realise no such thing, as it's not 
> technically accurate.  
> 
> On SCO 5.0.6, fP 5.0.7D4:
> 
> @once::system "vi /tmp/blipper":
> ::end:
> 
> $ ls -l /tmp/blipper
> -rw-------   1 filepro  group          5 Jan  5 18:33 /tmp/blipper
> 
> You're dead wrong.  It's -always- worked this way on SCO.  
> The only difference I've ever seen is on linux with bash2, 
> where bash drops EUID by default, and you're stuck as the 
> normal user.  
> 
> SCO has had SYSTEM commands running as the SUID user since 
> time immemorial. Well, for my part I can remember it back to 3.2.4.0.
> 

You are correct, and I apologize.  I never actually tried it on SCO to see.
Of course if I would have thought about it for 2 seconds, I would have
realized it.  It was just my quick thinking getting in the way since running
fp from within the "systemed" shell acted differently.

-Chad McWilliams
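
The thread turns on a shell started from a set-uid program keeping the owner's effective UID unless something drops it (as bash2 is said to do above). As an added illustration, not code from filePro or from either poster, this C sketch shows the defensive pattern of resetting the IDs before the shell is exec'd; the helper name `run_as_real_user` is hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run `cmd` through /bin/sh with the child's
 * effective IDs reset to the real (invoking) user's, so a set-uid
 * parent does not hand its owner's privileges to the shell.
 * Returns the command's exit status, or -1 on failure. */
int run_as_real_user(const char *cmd)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Group first: after the UID is dropped the process may no
         * longer be permitted to change its GID. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        /* Refuse to continue if the drop did not take effect. */
        if (geteuid() != getuid() || getegid() != getgid())
            _exit(126);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                 /* exec failed */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Built set-uid, `id` here reports only the invoking user. */
    int rc = run_as_real_user("id");
    printf("exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```
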


