Solaris Signals

From: Jon Masters (jonathanat_private)
Date: Tue Feb 11 2003 - 19:21:49 PST


    Hi,
    
    We all know that old chestnut about tracing setuid programs or scripts,
    but what about non-setuid scripts which have been installed for users and
    given execute-only permission? For example, a lot of sites provide scripts
    for users to run which perform some admin-related function and thus have
    usernames or passwords within them - potentially free to users.
    
    The thing I want to do is make a few people think about fixing this by
    taking whatever steps are necessary on a per-installation basis. It is a
    silly kind of thing which seems to be overlooked all too often. There is
    some trivial code attached for those who really do not see my point.
    
    This is bound to be covered somewhere; I just want to get viewpoints.
    
    Jon.
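
An added example, not part of the original post or its attachment: a Python audit that walks a directory and reports interpreter scripts whose mode grants execute without read to group or other and that also contain credential-looking assignments, the situation the message describes. The credential regex, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumed heuristic: an assignment to a credential-like variable name.
CRED_RE = re.compile(rb"(?i)(pass(word|wd)?|pwd|user(name)?|secret|token)\w*\s*[=:]\s*\S")

def is_execute_only(mode):
    """True if group or other may execute the file but may not read it."""
    grp = bool(mode & stat.S_IXGRP) and not mode & stat.S_IRGRP
    oth = bool(mode & stat.S_IXOTH) and not mode & stat.S_IROTH
    return grp or oth

def audit_tree(root):
    """Return sorted (path, octal mode, line numbers) for execute-only scripts holding credentials."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not is_execute_only(st.st_mode):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # scripts are small; cap the read
            except OSError:
                continue  # auditor cannot read it; rerun as the owner or root
            if not data.startswith(b"#!"):
                continue  # a compiled binary, not an interpreter script
            hits = [n for n, line in enumerate(data.splitlines(), 1) if CRED_RE.search(line)]
            if hits:
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), hits))
    return sorted(findings)

def build_sample(root):
    """Write a constructed sample tree (all names and values are made up)."""
    samples = {
        "reset_quota.sh": (0o711, b"#!/bin/sh\nDBUSER=admin\nDBPASS=example-not-real\nexit 0\n"),
        "hello.sh": (0o711, b"#!/bin/sh\necho hello\n"),
        "readable.sh": (0o755, b"#!/bin/sh\nPASSWORD=example-not-real\n"),
    }
    for name, (mode, body) in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
        os.chmod(os.path.join(root, name), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, mode, lines in audit_tree(tmp):
            print(f"{mode} {path}: credential-like text on lines {lines}")
```

Each finding is a script to rework so that the credential lives outside the file users can execute.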
    
    
    


