good chemistry is complicated, and a little bit messy -LW |
|
PerlMonks |
Re: Re: UGU file rename script (GOLF?)by chipmunk (Parson) |
on Jul 20, 2001 at 01:37 UTC ( [id://98253]=note: print w/replies, xml ) | Need Help?? |
`rm -rf /` in an eval would execute rm with the user's own permissions. If the user can run rename '`rm -rf /`' on the command line, they could just as easily run rm -rf / directly.
In other words, as long as you don't do something foolish like make the rename script setuid or create a web interface to it, I would argue that this script has no inherent security issues.
In Section
Meditations
|
|