I don't use SCO any more (well, I can give it up any time, honest), but I still get their mags. So, this morning I was leafing through SCO World, August '98 and September/October '98. Therein we find "Nuthin' but Net", "Administering Your System via the Web" by Jim Mohr. This suggests so many really Bad Things it is difficult to know where to start, but here goes. 1. First, set up .rhosts on all your servers, so the webserver can log in and do stuff. 2. Let the user specify the server name as a CGI parameter. Any name they like. 3. Now, using perl, pass that name, unvetted, to rsh like so: open(MSG,'rsh '.$server.' other stuff'); Wonderful. I wonder if we can find a SCO server running this stuff? Oh, BTW, here's a particular gem I shall treasure forever: "Lowering security to make Web access easier is less of a problem". Yeah, right! Cheers, Ben. -- Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/ and Technical Director|Email: benat_private | A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/ London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:51 PDT