|
-
June 18th, 2002, 01:55 AM
#1
perl scripting advice?
I do a lot of PERL scripting for a small company to do various sysadmin tasks on the LP subsystem of several HP-UX systems. I'd like to think my code is fairly bulletproof, but I'm not a perl expert yet, and these scripts are usually running as 'lp' or 'root'. (an unfortunate necessity for much of the LP subsystem). Can anyone give me a few scripting tips I can follow so I'm not opening up a buffer overflow hole or some other exploit?
/* You are not expected to understand this. */
-
June 18th, 2002, 10:16 AM
#2
Start all your scripts with the following code:
#!/usr/bin/perl -wT
use strict;
This will force warnings, taint checking and strict variable assignments to ensure that data doesn't come from unauthorised external sources, all variables are declared/assigned properly etc.
Buffer overflows tend to occur with C programs, although there's nothing wrong with being paranoid. Can you not create a separate group/user to run the scripts instead of root (nobody is a choice many people use)?
-
June 18th, 2002, 10:24 AM
#3
OpenBSD - The proactively secure operating system.
-
June 18th, 2002, 09:14 PM
#4
Nice site, smirc! Thanks!
pwaring -- I CAN run the scripts under a different name, but to access some of the commands in the lp sub-system, I will have to become 'lp' or 'root' at some time. Multiple print job cancels, for example, cannot be done by an ordinary user. Must be done by 'lp'.
Anyone with 'lp' access, however, can wreak some serious havoc with business-critical output.
/* You are not expected to understand this. */
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote