11:07 pm
imz
Unix must die
Yes. Set-uid shell scripts work on HP-UX, for example, the kernel of which is a derivative of 4.2 BSD. ("Work" used loosely here, because it is a bad thing.)
However, setuid shell scripts are such a security hole that they should never exist. Much of the time spent by the security scanners for Unix goes to scanning for just such problems.
Unix programming and design are partially crazy!
What do Unices suggest? Two alternatives are considered (a bad thing and a bad thing):
- You can write in C; it's one of the most distressful tasks to write a decent program in C! (But kernels need this.) A program in C should be suspected to be wrong and insecure. But if you have checked it 100 times, go ahead and make it a setuid-root program (when you need a setuid-root program).
- Or (what have Unices achieved as an alternative?) there have also been created "shells"; "bash" is a very popular one. The design of its syntax is so braindead that nobody has enough will to write correct bash programs; most of them are well understood to work in just 90% of cases (e.g., having to type all the quotation marks in a line like
      file "$(which "$cmd")"
  kills me whenever I need it). Everybody feels happier when he writes trash as shell scripts instead of correct code. And the Unix Designers have decided to be fascists and disallow setuid-root interpreted programs at all in favor of security!
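What goes wrong when the quotation marks in that line are left out, as an added example that is not part of the original post: it uses `command -v` in place of `which` and a hypothetical `count_args` helper in place of `file`, so the number of arguments the command really receives can be checked. The directory and tool names are constructed, and the temporary directory is assumed to contain no spaces itself.

```shell
#!/bin/sh
# Constructed demo: an executable that lives in a PATH directory
# whose name contains spaces ("bin with spaces").

# Hypothetical stand-in for `file`: reports how many arguments it received.
count_args() { echo "$#"; }

# Create a throwaway directory with an executable "mytool" and put it on PATH.
setup_demo() {
    demo_root=$(mktemp -d) || return 1
    demo_bin="$demo_root/bin with spaces"
    mkdir -p "$demo_bin"
    printf '#!/bin/sh\necho hi\n' > "$demo_bin/mytool"
    chmod +x "$demo_bin/mytool"
    PATH="$demo_bin:$PATH"
    export PATH
}

cleanup_demo() { rm -rf "$demo_root"; }

# Unquoted form: the substituted path undergoes word splitting (and
# pathname expansion), so one path becomes several arguments.
resolved_unquoted_argc() {
    cmd=$1
    # shellcheck disable=SC2046,SC2086
    count_args $(command -v $cmd)
}

# Fully quoted form, as in the post: the path stays a single argument.
resolved_quoted_argc() {
    cmd=$1
    count_args "$(command -v "$cmd")"
}

# Stand-alone run: print both counts for the constructed tool.
setup_demo
echo "unquoted: $(resolved_unquoted_argc mytool) argument(s)"
echo "quoted:   $(resolved_quoted_argc mytool) argument(s)"
cleanup_demo
```

In a script that runs with elevated privileges, the split words are attacker-influenced arguments, which is one reason the unquoted form is treated as a defect rather than a style issue.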
Binary code can't save you; high-level languages could save you from many low-level errors, no matter whether interpreted or compiled! But Unices have borne the monster "Bourne-Again Shell" instead of some sane popular high-level language.
And that's in the XXI century!
The minorities which understand sane high-level languages are suffering from the restrictions made for the dumb majority.
Revolution or death (of Unix)!
(BTW, Plan 9's shell looks nicer, I'll try to get used to it.)