[Gambas-user] Test Module, First try
Christof Thalhofer
chrisml at deganius.de
Sat Aug 15 09:06:35 CEST 2020
Am 14.08.20 um 20:33 schrieb Brian G:
> I need some input here, I am thinking of having a directive for
> gambas scripts that prevent the usage of local libraries The reason I
> have for this is that it would be supper easy to simply hijack a
> script that is being used for production management with a local
> library which could be customized to do bad things if the script is
> being run with sudo privileges.
>
> if my script used library x.0.0.0 from the system /usr/lib/gambas3
> and someone makes a local lib in ~/.local/share/lib/gambas3 called
> x.0.0.0
>
> they just hijacked my script and have su privileges!!!
If the script runs with root privileges
'~/.local/share/lib/gambas3'
should translate to:
'/root/.local/share/lib/gambas3'
So ... no problem, as I imagine.
But try it out!
Alles Gute
Christof Thalhofer
--
Dies ist keine Signatur
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gambas-basic.org/pipermail/user/attachments/20200815/c7e79d2a/attachment.sig>
More information about the User
mailing list