running fp menu scripts as user, not filepro
Fairlight
fairlite at fairlite.com
Fri Mar 14 14:24:35 PDT 2008
You'll never BELIEVE what Nancy Palmquist said here...:
> Scott,
>
> I always like runmenu to execute as filepro on unix. For the following
> reason.
>
> All I/O stuff and System stuff that they might need to run, can be setup
> so filePro has the right permissions to execute. FilePro can read a
> file, filepro will write a file, etc.

And anyone that creates or edits a menu for filePro can put the following
command in it:

    rm -rf /appl

Then it will execute as filepro, and you're utterly and completely boned,
barring backups--which still may not have all your most recent data.

It's a security risk. You don't let someone near an suid shell unless you
have a Really Good Reason[tm], and there is implicit trust in the using
party.

mark->
--
"Moral cowardice will surely be written as the cause on the death
certificate of what used to be Western Civilization." --James P. Hogan
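
An added example, not part of the original message and not filePro's own code: a shell check for the exposure described above, reporting menu files that accounts other than the setuid owner can modify. The function name is hypothetical, and the runner and menu directory are passed as arguments because the page does not give filePro's install paths.

```shell
#!/bin/sh
# audit_menu_writers RUNNER MENU_DIR   (hypothetical helper, added example)
# RUNNER   : the program that executes menu commands (e.g. runmenu)
# MENU_DIR : the directory holding the menu files it reads
# Both paths are caller-supplied assumptions; nothing is hard-coded.
# Returns 0 when nothing is found, 1 on findings, 2 on bad arguments.
audit_menu_writers() {
    runner=$1
    menu_dir=$2
    if [ ! -f "$runner" ] || [ ! -d "$menu_dir" ]; then
        echo "usage: audit_menu_writers RUNNER MENU_DIR" >&2
        return 2
    fi

    # Without the setuid bit, menu commands run as the invoking user,
    # so editing a menu grants nothing the editor did not already have.
    if [ ! -u "$runner" ]; then
        echo "OK: $runner is not setuid"
        return 0
    fi

    # Numeric uid that menu commands will run as (field 3 of ls -ln).
    owner=$(ls -lnd "$runner" | awk '{print $3}')

    # With setuid set, whoever can change a menu file, or add files to the
    # directory, can run commands as $owner. Flag anything owned by another
    # account or writable by group or other.
    findings=$(find "$menu_dir" \( -type f -o -type d \) \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)

    if [ -n "$findings" ]; then
        echo "$findings" | sed "s|^|RISK: editable by accounts other than uid $owner: |"
        return 1
    fi
    echo "OK: only uid $owner can modify menus under $menu_dir"
    return 0
}

# Stand-alone use: sh audit.sh /path/to/runmenu /path/to/menus
if [ "$#" -eq 2 ]; then
    audit_menu_writers "$1" "$2"
fi
```
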