version 1.30, 2000/06/30 21:51:02 |
version 1.31, 2000/07/10 19:35:43 |
|
|
line, a controlled environment, and call <code>execve</code> directly. |
line, a controlled environment, and call <code>execve</code> directly. |
The <code>perlsec</code> man page is a good tutorial on such problems. |
The <code>perlsec</code> man page is a good tutorial on such problems. |
|
|
<li>Never used setuid shell-scripts. These are inherently insecure. |
<li>Never use setuid shell-scripts. These are inherently insecure. |
Wrap them into some C code that ensures a proper environment. |
Wrap them into some C code that ensures a proper environment. |
On the other hand, OpenBSD features secure perl scripts. |
On the other hand, OpenBSD features secure perl scripts. |
|
|