<p>Well, it <strong>sounds</strong> paranoid, but whether it is or not depends on which system(s) your application is running on and how much damage an attacker can do.</p>
<p>So, if your userbase is possibly hostile and the damage could be very high, I'd go for option 4, but modified as follows to remove its drawbacks.</p>
<p>Let me quote two relevant things:</p>
<p>1)</p>
<blockquote> <p>The programs currently check that $PQRHOME and key directories under it are 'safe' (owned by pqrusr, belong to pqrgrp, do not have public write access).</p> </blockquote>
<p>2)</p>
<blockquote> <p>Thereafter, programs access files under $PQRHOME via the full value of environment variable.</p> </blockquote>
<p>You don't need to actually hard-code the full path; you can hard-code just the relative path from the "program" mentioned in 1) to the path mentioned in 2) where the files are.</p>
<p>Issues to control:</p>
<p>a) you must be sure that there isn't anything "attacker-accessible" (e.g. in terms of symlinks) in between the executable's path and the files' path</p>
<p>b) you must be sure that the executable checks its own path in a reliable way, but this should not be a problem on all the Unixes I know (but I don't know all of them and I don't know Windows at all).</p>
<hr>
<p>EDITED after the 3rd comment:</p>
<p>If your OS supports /proc, the symlink /proc/${pid}/exe is the best way to solve b)</p>
<hr>
<p>EDITED after sleeping on it:</p>
<p>Is the installation a "safe" process? If so, you might create (at installation time) a wrapper script. This script should be executable but not writable (and possibly not even readable). It would set the $PQRHOME env var to the "safe" value and then call your actual program (it might eventually do other useful things too). Since in UNIX the env vars of a running process <strong>cannot</strong> be changed by anything else but the running process, you are safe (of course the env vars <em>can</em> be changed by the parent <strong>before</strong> the process starts). I do not know if this approach works in Windows, though.</p>
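The following is an added example, not code from the answer above or from the questioner's program. It implements the answer's scheme: locate the running executable (on Linux via the kernel-maintained /proc/self/exe), derive $PQRHOME from a hard-coded relative path, walk every path component below a trusted ancestor rejecting symlinks, wrong ownership and public write access, and compare the result with the environment value instead of trusting it. The layout `$PQRHOME/bin/<program>` (so the relative path is `..`), the Python-script fallback in `executable_path()`, and the uid/gid values are assumptions of the example; a native binary would use `/proc/self/exe` directly.

```python
import os
import stat
from pathlib import Path


def executable_path() -> Path:
    """Return the path of the running program without trusting argv[0].

    On Linux the kernel-maintained symlink /proc/self/exe is the reliable
    answer for a native binary.  This example is a Python script, so
    /proc/self/exe points at the interpreter; in that case (or where /proc is
    absent) we fall back to the real path of this file.  That fallback is an
    assumption of the example, not something the answer discusses.
    """
    try:
        exe = Path(os.readlink("/proc/self/exe"))
        if not exe.name.startswith("python"):
            return exe
    except OSError:
        pass
    return Path(os.path.realpath(__file__))


def derive_home(exe: Path, relative_to_exe: str) -> Path:
    """Compute $PQRHOME from the executable location plus a hard-coded
    relative path (e.g. ".." when the binary lives in $PQRHOME/bin).

    normpath collapses ".." lexically and deliberately does not follow
    symlinks; symlinks are rejected explicitly by check_path_chain().
    """
    return Path(os.path.normpath(exe.parent / relative_to_exe))


def check_path_chain(trusted_root: Path, target: Path, uid: int, gid: int) -> list:
    """Walk each component of target below trusted_root and list violations.

    Rules, following the answer and the checks quoted from the question:
      * no component may be a symlink (an attacker who controls one controls
        everything beneath it, so the walk stops there);
      * each component must be owned by uid:gid (pqrusr:pqrgrp);
      * no component may be writable by others.
    trusted_root itself is assumed safe and is not checked.
    An empty list means the chain is safe.
    """
    problems = []
    try:
        rel = target.relative_to(trusted_root)
    except ValueError:
        return [f"{target} is not below {trusted_root}"]
    current = trusted_root
    for part in rel.parts:
        current = current / part
        try:
            st = os.lstat(current)          # lstat: never follow a symlink
        except FileNotFoundError:
            problems.append(f"{current}: does not exist")
            break
        if stat.S_ISLNK(st.st_mode):
            problems.append(f"{current}: is a symlink")
            break
        if st.st_uid != uid or st.st_gid != gid:
            problems.append(
                f"{current}: owned by {st.st_uid}:{st.st_gid}, expected {uid}:{gid}")
        if st.st_mode & stat.S_IWOTH:
            problems.append(f"{current}: world-writable")
    return problems


def env_home_matches(derived: Path, environ=os.environ) -> bool:
    """True only if $PQRHOME is set and lexically equals the derived path.

    A program that fails this check should refuse to run rather than follow
    the environment value, which a hostile parent could have set.
    """
    value = environ.get("PQRHOME")
    return value is not None and os.path.normpath(value) == str(derived)


if __name__ == "__main__":
    # Stand-alone run: assumed layout $PQRHOME/bin/<program>, so the data
    # directory is one level above the executable.
    exe = executable_path()
    home = derive_home(exe, "..")
    uid, gid = os.getuid(), os.getgid()
    for problem in check_path_chain(Path("/"), home / "etc", uid, gid):
        print("unsafe:", problem)
    print("derived PQRHOME:", home, "env matches:", env_home_matches(home))
```

The walk uses `lstat` on every component rather than `realpath`, because resolving the path would silently accept the very symlinks the answer warns about; stopping at the first symlink is intentional, since anything beneath it is already under the attacker's control.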