running fp menu scripts as user, not filepro

GCC Consulting gccconsulting at comcast.net
Sat Mar 15 08:36:50 PDT 2008 


> -----Original Message-----
> From: filepro-list-
> bounces+gccconsulting=comcast.net at lists.celestial.com [mailto:filepro-
> list-bounces+gccconsulting=comcast.net at lists.celestial.com] On Behalf
> Of Fairlight
> Sent: Friday, March 14, 2008 5:25 PM
> To: filePro Mailing List
> Subject: Re: running fp menu scripts as user, not filepro
> 
> You'll never BELIEVE what Nancy Palmquist said here...:
> > Scott,
> >
> > I always like runmenu to execute as filepro on unix.  For the
> following
> > reason.
> >
> > All I/O stuff and System stuff that they might need to run, can be
> setup
> > so filePro has the right permissions to execute.  FilePro can read a
> > file, filepro will write a file, etc.
> 
> And anyone that creates or edits a menu for filePro can put the
> following
> command in it:
> 
> rm -rf /appl
> 
> Then it will execute as filepro, and you're utterly and completely
> boned,
> barring backups--which still may not have all your most recent data.
> 
> It's a security risk.  You don't let someone near an suid shell unless
> you
> have a Really Good Reason[tm], and there is implicit trust in the using
> party.
> 
> mark->

I ran into this situation years ago when I was acting as "system support"
for my wife's hospital materials management system.  The vendor had everyone
logging as the same user.  The vendor's support was on the west coast and
didn't open until noon est, so I was "volunteered".

I spent a bit of time looking over their login procedure and wrote a login
script which would allow each use to have a separate login but it needed
just a bit of tweaking to complete.  

I met with the vendor, a major hospital supplier who had licensed the
software, in their home office in Chicago.  When I explained to the VP that
anyone could erase the system using a simple recursive command.  He turned
to the software companies representative and ask if this was true.  When she
confirmed this, his color drained.  I then handed them a copy of my login
script and told them it need just a little more work to change the login
method and avoid this problem.  He thanked me.  I didn't even charge them
for my time.

Well, after all that, they never did anything.  Since nothing was done, and
I was getting too busy to be the hospitals unpaid tech support 3 hours a
day, I advised my wife to replace the system.  She did this a short time
later with a more robust system running on an IBM system/36.  

Richard

More information about the Filepro-list mailing list