Where to put user written program
David Nicol
davidnicol at gmail.com
Fri Jul 20 16:47:17 CDT 2007
On 7/20/07, Scott Oertel <freebsd at scottevil.com> wrote:
> I just don't see the problem really with having a script inside
> /root/bin, which is completely locked down to only the root user, which
> parses logs via a cron job. I just don't see the harm.
>
>
> -Scott Oertel
If there was an unknown exploit in your log processing tool, and that
hole could be exploited by inserting a string into one of the logs that
was processed by your tool, a string could be inserted into the log
some how -- inserting strings into logs is certainly possible with
web server logs, for instance, that log the user agent, for instance --
the exploit could be exploited. This is "theoretical exploit" territory,
of course, which is a kind of endless flat-earth sort of debate -- the
question is, is "completely locking down" any computer program
possible.
More information about the Kclug
mailing list