Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.uwa.edu.au!classic.iinet.com.au!swing.iinet.net.au!news.uoregon.edu!gatech!news.sprintlink.net!mail01.ljextra.com!biango From: biango@ljextra.com () Newsgroups: comp.unix.bsd.bsdi.misc,comp.lang.perl.misc Subject: Re: setuid perl scripts Followup-To: comp.unix.bsd.bsdi.misc,comp.lang.perl.misc Date: 12 Oct 1995 16:24:17 GMT Organization: New York Law Journal Lines: 20 Message-ID: <45jffh$cds@mail01.ljextra.com> References: <fmontes-0510951946560001@200.4.12.6> <45e1f6$2uv@ida.interface-business.de> NNTP-Posting-Host: sea.ljextra.com X-Newsreader: TIN [version 1.2 PL2] Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:1203 comp.lang.perl.misc:4797 J Wunsch (j@interface-business.de) wrote: : Piping the output of a command is prohibited in setuid Perl scripts : (since it implies a shell). The man page describes a way to work : around it (in the setuid section): : open(WTMP, "-|") || : exec "/usr/bin/last", "-f", "/var/log/TAC/wtmp"; What about just opening a file for output like - open(IN, ">$foo"); What would be the equivalent "secure" way of doing this... M. Biango biango@ljextra.com