Programming and posix - April 2002
April 3, 2002
Solution Symposium
Page 84
hp e3000
programming
and posix
potential posix security pitfalls
• loose or missing umask resulting in world- or group-
writeable security
• files and directories rely on ACDs to implement security,
and many MPE utilities may still result in ACDs being
deleted
• setuid/setgid executables
• shell metacharacters like > or | or ` being parsed by
popen() and system()
• user-supplied file names containing multiple upward
directory references to reach the root and then
downward to any file on the machine, I.e.
../../../SYS/PUB/HPSWINFO