Clear questions and runnable code get the best and fastest answer |
|
PerlMonks |
Re^5: On being 'critical'by BrowserUk (Patriarch) |
on Dec 15, 2006 at 01:21 UTC ( [id://589958]=note: print w/replies, xml ) | Need Help?? |
As you point out, if real and effective user ids are different, taint mode is enabled automatically. So even if a script relying upon <> is accidently given the setuid bit, nothing nasty happens. That means the attack is not an attack. My question still stands. Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.
In Section
Seekers of Perl Wisdom
|
|