Date: Mon, 27 Jun 2005 11:48:52 +0400
From: Alexey Tourbin
To: Sisyphus
Message-ID: <20050627074852.GI31585@solemn.turbinal.org>
In-Reply-To: <200506271130.16915.serpiph@nikiet.ru>
List-Id: ALT Linux Sisyphus discussion list
Subject: [sisyphus] Re: Q: perl security, CPAN security

On Mon, Jun 27, 2005 at 11:30:16AM +0400, Epiphanov Sergei wrote:
> > 1) perl, if started as root, must run in taint mode.
> Who owes what to whom? I understand that it is best to have this mode
> enabled. But when I need my own script, which nobody else has access to,
> to run, I don't feel like spending twice the time and effort. I wrote it
> myself, so I am the one to blame for the consequences. No, let it stay
> as it is.

Are you running that script as root? :) Then this is for you:
http://www.linux.org.ru/view-message.jsp?msgid=392747&page=0

Currently the rule for implicitly enabling taint mode looks like this:

perl.c:
    PL_tainting |= (PL_uid && (PL_euid != PL_uid || PL_egid != PL_gid));

The proposal is to add PL_euid==0 || ... to the condition.

> > 2) Running CPAN as root should be forbidden. A possible alternative --
> > a cpan group and 03775 root:cpan permissions on /usr/local/lib/perl5.
>
> And have you already checked that this will work properly? I have
> already run into something like this: I gave the advice first, and when
> I started checking, I realized that it can't be done that way. :(

Not yet. But I don't see any fundamental limitations.
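
Added example (not part of the original message and not code from perl.c): the implicit-taint rule quoted above next to the proposed one, evaluated over constructed credential sets to show which invocations change. It assumes the "..." in the proposal stands for the existing condition unchanged; the struct, function names and sample ids are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>

/* Credentials as perl sees them at startup (fields mirror PL_uid etc.). */
struct ids { uid_t uid, euid; gid_t gid, egid; const char *label; };

/* Rule quoted in the message from perl.c. */
static int taint_current(const struct ids *p)
{
    return p->uid && (p->euid != p->uid || p->egid != p->gid);
}

/* Proposed rule. ASSUMPTION: "..." is the current rule, left unchanged. */
static int taint_proposed(const struct ids *p)
{
    return p->euid == 0 || taint_current(p);
}

/* Constructed sample credentials, not taken from the thread. */
static const struct ids cases[] = {
    { 1000, 1000, 1000, 1000, "ordinary user" },
    { 1000,    0, 1000, 1000, "setuid-root script run by a user" },
    { 1000, 1000, 1000,   50, "setgid script run by a user" },
    {    0,    0,    0,    0, "root shell or cron job" },
    {    0, 1000,    0,    0, "root with a non-root effective uid" },
};
#define NCASES (sizeof cases / sizeof cases[0])

/* Number of sample cases whose outcome differs between the two rules. */
static int count_changed(void)
{
    int n = 0;
    for (size_t i = 0; i < NCASES; i++)
        n += taint_current(&cases[i]) != taint_proposed(&cases[i]);
    return n;
}

int main(void)
{
    for (size_t i = 0; i < NCASES; i++)
        printf("%-36s current=%d proposed=%d\n", cases[i].label,
               taint_current(&cases[i]), taint_proposed(&cases[i]));
    printf("cases changed by the proposal: %d\n", count_changed());
    return 0;
}
```

Because the quoted rule starts with PL_uid &&, a real uid of 0 never triggers implicit tainting; among these samples the proposal changes only the plain root invocation.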