At 11:12 AM 09/28/01 -0700, SRE wrote:
>>And params->index_read_only is set when called as swish-search.
>>But that's all it does.
>So the writing code is still linked in, but not called? And the
>switch is set based on the name by which the tool is invoked?
>That works for me, but probably not for my sysadmin. He wants
>a binary with no possible way to write files...
Can you get a new sysadmin? ;) You mean the sysadmin allows people with
write access to run programs, but they want the programs to not allow write
access? How does that provide any security?
% swish-search -i foo
Sorry, this program is in readonly mode
(Ok, fine, be that way!)
% rm -rf /
Removing all the fopen calls in write mode isn't going to protect against a
buffer overrun exploit, of course, or make up for poorly writen CGI scripts
that allow outside users unauthorized shell access. Right?
Received on Fri Sep 28 21:32:32 2001