[Gambas-user] Test Module, First try
Brian G
brian at westwoodsvcs.com
Sun Aug 16 14:30:20 CEST 2020
I agree!
--
Thanks
Brian Saturday, 15 August 2020, 00:07AM -07:00 from Christof Thalhofer chrisml at deganius.de :
>Am 14.08.20 um 20:33 schrieb Brian G:
>
> I need some input here, I am thinking of having a directive for
> gambas scripts that prevent the usage of local libraries The reason I
> have for this is that it would be supper easy to simply hijack a
> script that is being used for production management with a local
> library which could be customized to do bad things if the script is
> being run with sudo privileges.
>
> if my script used library x.0.0.0 from the system /usr/lib/gambas3
> and someone makes a local lib in ~/.local/share/lib/gambas3 called
> x.0.0.0
>
> they just hijacked my script and have su privileges!!!
>
>If the script runs with root privileges
>'~/.local/share/lib/gambas3'
>should translate to:
>
>'/root/.local/share/lib/gambas3'
>
>So ... no problem, as I imagine.
>
>But try it out!
>
>Alles Gute
>
>Christof Thalhofer
>
>--
>Dies ist keine Signatur
>
>
>----[ http://gambaswiki.org/wiki/doc/netiquette ]----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gambas-basic.org/pipermail/user/attachments/20200816/a987619f/attachment.html>
More information about the User
mailing list