[Discuss] Program path maintenance and security (was Re: Debian 12 vs. WSL 1)
Rich Pieri
richard.pieri at gmail.com
Thu Jun 22 17:26:59 EDT 2023
On Thu, 22 Jun 2023 15:07:19 -0500
Derek Martin <invalid at pizzashack.org> wrote:
> 1. As I indicated in the other message, if the program is intended to
> run exclusively in the security context of the user running it, and
> does not at any point require elevated privileges (which needs to
> be evaluated carefully), then using /usr/bin/env is PROBABLY fine,
> particularly if you wrote it and know what it does.
You list three "ifs" around using env. Explicit path to /usr/bin/perl or
whatever has zero "ifs". I leave it to the reader to decide which is
more reliable and secure, and preferable for their environments.
> BUT: the onus is on the user running the perl script to make sure
I correct myself: four "ifs".
--
\m/ (--) \m/
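
Added example, not part of the original message or of either poster's code: the thread contrasts `#!/usr/bin/env perl` with an explicit `#!/usr/bin/perl`, and these POSIX shell functions show what an env-style line depends on by classifying a script's first line, resolving the name the way a PATH search does, and listing PATH entries that are empty, relative, or world-writable. The function names are hypothetical, and env options that take an argument are assumed not to appear.

```sh
# shebang_kind FILE: prints "env NAME", "direct PATH", or "none".
shebang_kind() {
    first=; IFS= read -r first < "$1" || :
    case $first in '#!'*) ;; *) echo none; return 0 ;; esac
    set -f                          # no globbing while splitting the line
    set -- ${first#'#!'}
    set +f
    [ $# -gt 0 ] || { echo none; return 0; }
    case ${1##*/} in
        env)
            shift
            for w in "$@"; do
                # skip env options and VAR=value words before the program name
                case $w in -*|*=*) continue ;; esac
                echo "env $w"; return 0
            done
            echo none ;;
        *)  echo "direct $1" ;;
    esac
}

# resolve_in_path NAME PATHSTRING: prints the first executable NAME found by
# walking PATHSTRING left to right, as a PATH search does; returns 1 if none.
resolve_in_path() {
    p=$2:
    while [ -n "$p" ]; do
        d=${p%%:*}; p=${p#*:}
        [ -n "$d" ] || d=.          # an empty entry means the current directory
        if [ -f "$d/$1" ] && [ -x "$d/$1" ]; then
            printf '%s\n' "$d/$1"; return 0
        fi
    done
    return 1
}

# risky_path_entries PATHSTRING: prints entries that are empty, relative,
# or world-writable (one per line, in PATH order).
risky_path_entries() {
    p=$1:
    while [ -n "$p" ]; do
        d=${p%%:*}; p=${p#*:}
        case $d in
            '') echo "empty" ;;
            /*) [ -d "$d" ] && [ -n "$(find "$d" -prune -perm -0002 2>/dev/null)" ] &&
                    echo "world-writable $d" ;;
            *)  echo "relative $d" ;;
        esac
    done
    return 0
}
```

For a script that reports `env NAME`, compare `resolve_in_path NAME "$PATH"` across the accounts and environments that will run it; a `direct` result does not depend on PATH at all.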