Re^5: How can a script use a password without making the password visible?
by afoken (Chancellor) on Mar 04, 2017 at 12:00 UTC ( [id://1183644]=note )
then you have to trust your security admin ... and now guess who that might be. ;-)

But that's not all of the problem. You don't just have to trust root that he is not malicious. You also have to trust root that he is not lazy, uninformed or simply stupid:

Imagine a security bug in a completely unrelated program running setuid root or a service started as root. A trustworthy root should install the relevant security update; and he should disable that program or service or at least apply a workaround while no update is available.

And root should not give out permissions to any user like candy. Imagine a root doing chmod 4755 exe && chown 0:0 exe for any program a student or intern or manager demands that for. Imagine a root allowing anyone to load a new kernel module.

Update: There are usually more setuid/setgid programs than you might expect. Just for fun, I ran this little script:
It found 36 binaries in $ENV{'PATH'} running setuid or setgid on my home server:
I should ask root a.k.a. myself: Do I need all of these? Do all of these have to run setuid? Are there more, in directories outside $ENV{'PATH'}?

Alexander
-- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
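
An added example, not afoken's script (which is not reproduced on this page): one way to run the audit the post describes, listing setuid/setgid files in the directories of $ENV{'PATH'}. The helper name find_setid and the output layout are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added example: audit the directories in PATH for setuid/setgid files.
use strict;
use warnings;
use Fcntl qw(:mode);    # S_ISUID, S_ISGID, S_ISREG, S_IMODE
use File::Spec;

# find_setid (hypothetical helper name): returns one hash ref per regular
# file in @dirs that has the setuid or setgid bit set.
sub find_setid {
    my @dirs = @_;
    my (%seen_dir, %seen_file, @hits);
    for my $d (@dirs) {
        my $dir = length $d ? $d : '.';    # an empty PATH entry means cwd
        next if $seen_dir{$dir}++;
        opendir(my $dh, $dir) or next;     # missing or unreadable entry
        for my $name (sort readdir $dh) {
            my $path = File::Spec->catfile($dir, $name);
            my @st = stat($path) or next;  # follows symlinks; skips dangling ones
            my ($dev, $ino, $mode, $uid, $gid) = @st[0, 1, 2, 4, 5];
            next unless S_ISREG($mode);
            next unless $mode & (S_ISUID | S_ISGID);
            next if $seen_file{"$dev:$ino"}++;    # same file via link or alias
            push @hits, {
                path   => $path,
                perm   => sprintf('%04o', S_IMODE($mode)),
                uid    => $uid,
                gid    => $gid,
                setuid => ($mode & S_ISUID) ? 1 : 0,
                setgid => ($mode & S_ISGID) ? 1 : 0,
            };
        }
        closedir $dh;
    }
    return @hits;
}

my @hits = find_setid(File::Spec->path);
for my $h (@hits) {
    my $owner = getpwuid($h->{uid}) // $h->{uid};
    my $group = getgrgid($h->{gid}) // $h->{gid};
    my $note  = ($h->{setuid} && $h->{uid} == 0) ? '  <- runs as root' : '';
    printf "%s %-10s %-10s %s%s\n", $h->{perm}, $owner, $group, $h->{path}, $note;
}
printf "%d setuid/setgid file(s) found in PATH\n", scalar @hits;
```

This covers only the PATH directories; answering the post's last question, whether more such files exist outside $ENV{'PATH'}, needs a walk of the whole filesystem instead.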