l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
December 2: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2003 May 06 15:57

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Running a suid root perl script
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Running a suid root perl script



--xUq7mlTLx96rFlBf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, May 05, 2003 at 01:43:34PM -0700, Ken Herron wrote:
> My guess is that you're being tripped up by the real ID being different=
=20
> from the effective ID.

Ken,

  You are correct, ssh used the real ID to select the user name and
directory to find the local key... that is fixed.

> However, would recommend you implement this process in another way. First=
=20
[...all good points... local root is not needed, remote root is probably
not needed, if ssh is used a remote command should be specified for the
key, the remote command should be a wrapper around the real work
scripts, ... all so that malicious local users can't mess things up.]

> Personally I wouldn't have the user launching ssh interactively at all.=
=20
> I'd probably just write the mail to a file in a directory somewhere, then=
=20
> use a cron job to periodically copy the directory contents to the remote=
=20
> system.

How about having the users bounce the mail message with headers to=20
  bogofilter@site.internal
then having scripts on the mail server deal with adding the spam details=20
to its filtering system?

--=20
GPG key: http://simons-clan.com/~msimons/gpg/msimons.asc
Fingerprint: 524D A726 77CB 62C9 4D56  8109 E10C 249F B7FA ACBE

--xUq7mlTLx96rFlBf
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+uB9c4Qwkn7f6rL4RAn7SAJ9KrC6/4minJq544jiv7dtF5M9+AACdFXIa
WbFEDA3J4Yje1pgCNi0qbMo=
=awwa
-----END PGP SIGNATURE-----

--xUq7mlTLx96rFlBf--
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech








LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.