Re: [BackupPC-users] DumpPreUserCmd status returns
2009-12-01 13:58:42
Craig Barratt wrote at about 07:47:13 -0800 on Tuesday, December 1, 2009:
> Jeff writes:
> > Which brings to mind a suggestion...
> > Why not execute these commands in a shell.
> > They are not run that frequently (once per day per host) so the
> > overhead of launching a shell would be low while the benefit would be
> > high in terms of flexibility.
>
> It's not the overhead - the goal is to avoid potential security
> issues with shells (which come from all the flexibility it offers).
> While a shell can certainly be used securely (including careful
> argument checking, using absolute paths for executables, using -b
> etc), one of several risks include having someone sneak in arguments
> that include meta characters (eg "; /bin/rm -rf /").
>
What about offering shells as a user-configurable option?
------------------------------------------------------------------------------
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing.
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
|
|