Use LaTeX formatted equations in Keynote
This script has a security issue. You are blindly passing $ARGV[0] to a system command. And, you better hope that if this is run in a shared environment, no one has symlinked (or hard linked) the /tmp/eq.* files to something else.. so 2 possible security risks if this is run in a multiuser environment.
Use LaTeX formatted equations in Keynote
That /tmp/ stuff is a fair comment. I was aware of the ARGV thing but I wouldn't call that a security problem myself. Just did this to get stuff working and was hoping someone here would make it nicer.
Use LaTeX formatted equations in Keynote
You don't consider something like this a security issue? This is essentially what your code does:
Now, if the script was named foo.pl and called like:
Use LaTeX formatted equations in Keynote
(Sorry for reposting this, the > was un-entitized when I previewed and cut off some of post.. seems like a bug)
You don't consider something like this a security issue? This is essentially what your code does:
Now, if the script was named foo.pl and called like:
I'd get your passwd file. Or, perform whatever (multiple) shell functions I can with the permissions of the script. That's a security issue, and a basic one. I appreciate that you posted a hint, don't get me wrong... but too many times people take code from hint sites and use them, not knowing the danger that can be caused. Code with glaring security holes shouldn't be posted.. in my opinion :)
Use LaTeX formatted equations in Keynote
The reason I don't consider that a security issue is that if you've got access to perl and the command prompt anyway you can just get the file without faffing around with my script.
Use LaTeX formatted equations in Keynote
That would be a security issue IF the script were being called from the Web or an unprivileged environment.
Use LaTeX formatted equations in Keynote
You people are missing the point. The script is being posted on a "hints" site, and it is not secure. If it is on a multi-user environment, it can be dangerous. This isn't rocket science, it is Security 101. Posting insecure scripts on a 'hints' site is plain wrong. Period.
Use LaTeX formatted equations in Keynote
Yes, look out! You may allow someone to gain the privileges they already have!!
Use LaTeX formatted equations in Keynote
No, not at all. They can gain whatever privileges the script will allow them to have. Are you people all ex-Windows users or something? You really don't understand security.
Use LaTeX formatted equations in Keynote
Well, the only way you'd get other people's privileges is if this script was SUID. Why would it be SUID? Why would you rant so long about this, just in case someone decides to run it SUID?
Use LaTeX formatted equations in Keynote
Because it is poor programming! Get a clue man.
Use LaTeX formatted equations in Keynote
*laugh*
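An added example, not part of the thread and not the hint's script (which is not shown on this page): one way to close both issues raised in the first comment in Perl, by creating the scratch files in a private directory instead of fixed /tmp/eq.* names and by running the external program without a shell. The file name `eq.tex`, the helper names and the stand-in child command are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Create a new file inside a private directory and write $text to it.
sub write_private {
    my ($dir, $name, $text) = @_;
    my $path = File::Spec->catfile($dir, $name);
    # O_EXCL fails if the name already exists, so a pre-planted
    # symlink or hard link is refused instead of being written through.
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "cannot create $path: $!";
    print {$fh} $text;
    close($fh) or die "close $path: $!";
    return $path;
}

# Run a program from an argument list; no shell parses the arguments.
sub run_noshell {
    my @cmd = @_;
    open(my $out, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    local $/;                       # slurp all of the child's output
    my $output = <$out> // '';
    close($out) or die "$cmd[0] failed: status $?";
    return $output;
}

# Constructed hostile input; harmless because it never reaches a shell.
my $equation = @ARGV ? $ARGV[0] : 'x^2; echo INJECTED';

# Unpredictable name, mode 0700, removed when the script exits.
my $dir = tempdir('eq.XXXXXXXX', TMPDIR => 1, CLEANUP => 1);
my $tex = write_private($dir, 'eq.tex', "\$\$ $equation \$\$\n");

# Stand-in for the real converter (assumption): perl echoes its argument.
my $seen = run_noshell($^X, '-e', 'print $ARGV[0]', $equation);
print "child received: [$seen]\n";
print "wrote $tex\n";
```

With the list form of `open`, the `;` in the argument arrives at the child as ordinary text; the same string interpolated into a single command string would be split by the shell into two commands.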