Quote: Originally Posted by Don Cragun
What am I missing??? Why are you arguing that wisecracker's code provides a reasonable approach to solve the OP's problem?
Not at all. Wisecracker's suggestion has several flaws and is obviously using a broken approach in the first place.
I was just commenting on your second statement "it is easy for them to replace the utilities you thought you had specified with other utilities of their choosing." In the general case, it is hopefully not easy or even possible for other users to modify or replace files you have previously created in /tmp. Many utilities and applications routinely create and use files in /tmp with no particular security risks. As I wrote and you later mentioned too, it is however possible to anticipate and create files with the same name in the first place but this is a case that can be easily detected by a robust script.
Quote:
Given that any other user on the system can prevent you from creating an executable file in /tmp to be run by your script (just by running the same script with no malice intended), why do you think /tmp is an appropriate directory in which to install utilities (or files containing the paths of utilities) for use by any script that you want to run?
I believe it is not necessarily inappropriate. There are a couple of advantages to using /tmp (or better /var/tmp if persistence is required) to store files and commands. As a matter of fact, I have been doing this on hundreds of machines for several decades without any major issue (outside the scripts being removed by erroneous cleaning procedures). Of course, some measures should be taken to avoid the race condition and other risks but if done properly, there are no fundamental issues.
---------- Post updated at 15:52 ---------- Previous update was at 13:29 ----------
Quote: Originally Posted by Corona688
The real problem is that other UNIX cannot use these ideas to improve itself due to copyleft, so these improved features will never be anything but GNU.
I'm afraid this is incorrect. GNU, which itself started by reimplementing commands and APIs found in proprietary Unix OSes, doesn't forbid itself to reimplement GNUisms on non-GPL code. What is forbidden by the GPL license is to reuse code, not ideas.
For example the -iname option has been added to the supported ones with the Solaris 11 standard find utility, same for the compression options like -z and -j with Solaris tar.
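The measures mentioned in the post above for files in /tmp or /var/tmp (detecting a name that was created in advance, and closing the check-then-create race), as an added shell example that is not code from the thread. The function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# is_trusted PATH
# Succeed only if PATH is a regular file (not a symlink), owned by the
# current user, and not writable by group or others.
is_trusted() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# install_helper PATH BODY
# Write BODY to PATH only if nothing is there yet, then make it executable.
# With noclobber (set -C) the shell refuses to overwrite an existing regular
# file and creates a missing one with O_EXCL, so creation and the existence
# check are a single atomic step: a name planted in advance makes this fail
# instead of being silently reused. umask 077 keeps the new file private.
# Returns 1 if the name is already taken or the result is not trusted.
install_helper() {
    ( umask 077; set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null || return 1
    chmod 700 "$1" && is_trusted "$1"
}

# Usage (constructed path):
#   install_helper /var/tmp/myhelper.sh 'echo hello' ||
#       echo "refusing: name already taken or file unsafe" >&2
# A later run of the script should call is_trusted on the path again before
# executing it, rather than assuming the file is still its own.
```
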