running fp menu scripts as user, not filepro

Fairlight fairlite at fairlite.com
Fri Mar 14 14:24:35 PDT 2008


You'll never BELIEVE what Nancy Palmquist said here...:
> Scott,
>
> I always like runmenu to execute as filepro on unix.  For the following
> reason.
>
> All I/O stuff and System stuff that they might need to run, can be setup
> so filePro has the right permissions to execute.  FilePro can read a
> file, filepro will write a file, etc.

And anyone that creates or edits a menu for filePro can put the following
command in it:

rm -rf /appl

Then it will execute as filepro, and you're utterly and completely boned,
barring backups--which still may not have all your most recent data.

It's a security risk.  You don't let someone near an suid shell unless you
have a Really Good Reason[tm], and there is implicit trust in the using
party.

mark->
-- 
"Moral cowardice will surely be written as the cause on the death
certificate of what used to be Western Civilization." --James P. Hogan


More information about the Filepro-list mailing list