Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.kei.com!news.mathworks.com!newsfeed.internetmci.com!EU.net!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!not-for-mail From: j@interface-business.de (J Wunsch) Newsgroups: comp.unix.bsd.bsdi.misc,comp.lang.perl.misc Subject: Re: setuid perl scripts Date: 13 Oct 1995 10:25:37 +0100 Organization: interface business GmbH, Dresden Lines: 18 Message-ID: <45lbah$1dh@ida.interface-business.de> References: <fmontes-0510951946560001@200.4.12.6> <45e1f6$2uv@ida.interface-business.de> <45jffh$cds@mail01.ljextra.com> NNTP-Posting-Host: ida.interface-business.de Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:1221 comp.lang.perl.misc:4944 <biango@ljextra.com> wrote: >: open(WTMP, "-|") || >: exec "/usr/bin/last", "-f", "/var/log/TAC/wtmp"; > > > >What about just opening a file for output like - > > open(IN, ">$foo"); > >What would be the equivalent "secure" way of doing this... It is secure unless $foo is "tainted" (e.g. derived from user input). -- J"org Wunsch Unix support engineer joerg_wunsch@interface-business.de [private: http://www.sax.de/~joerg/]