
Re: es security



-p notwithstanding, i don't consider es sufficient for ``secure'' scripts.

i don't know off-hand of any real problems.  neither i nor anybody i know
has analyzed for problems when using it for set-uid/set-gid scripts.  my
presumption before a serious analysis has been done is that such a script
is insecure.  in the case of es in particular, there are so many places
where the string -> program-fragment transition can happen that i wouldn't
feel secure that one such potential transition would happen when the author
of a supposedly secure script didn't want it.

paul        

ps:  i just thought of one real problem which is an impediment to using
straight es-0.88 for secure scripts.  the -l flag should probably be 
ignored if -p is used; it isn't right now.

pps:  what about the old symbolic link to a shell script named ``-s''?