Programming and posix - April 2002

April 3, 2002
Solution Symposium
Page 84
hp e3000 programming and posix
potential posix security pitfalls
- loose or missing umask resulting in world- or group-writeable security
- files and directories rely on ACDs to implement security, and many MPE utilities may still result in ACDs being deleted
- setuid/setgid executables
- shell metacharacters like > or | or ` being parsed by popen() and system()
- user-supplied file names containing multiple upward directory references to reach the root and then downward to any file on the machine, i.e. ../../../SYS/PUB/HPSWINFO
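
The last two pitfalls can be checked before a user-supplied name reaches open(), popen() or system(). The following C is an added example, not code from the original presentation; the function names and the metacharacter set are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Characters the shell interprets; a name containing any of them must not
   be pasted into a popen() or system() command line. (Assumed set.) */
static const char SHELL_META[] = "><|`$&;()*?[]{}~!#\\\"' \t\n";

/* Returns 1 if s contains a shell metacharacter, else 0. */
int has_shell_meta(const char *s)
{
    return strpbrk(s, SHELL_META) != NULL;
}

/* Returns 1 if the relative name stays at or below the directory it is
   resolved against, 0 if it is empty, absolute, or climbs above it with "..".
   Lexical check only: symbolic links are not followed (assumption). */
int stays_below_base(const char *name)
{
    int depth = 0;
    const char *p = name;

    if (*p == '\0' || *p == '/')
        return 0;                       /* empty or absolute */
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return 0;               /* climbed above the base */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                    /* ordinary component */
        }
        p += len;
        while (*p == '/')
            p++;                        /* skip separator(s) */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs; the first is the path from the slide. */
    const char *samples[] = { "../../../SYS/PUB/HPSWINFO", "reports/../data/q1",
                              "q1|sort", "data/q1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s below_base=%d shell_meta=%d\n", samples[i],
               stays_below_base(samples[i]), has_shell_meta(samples[i]));
    return 0;
}
```

A name that passes the lexical check can still escape through a symbolic link, so the check complements file permissions and ACDs rather than replacing them.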