Re: [BackupPC-users] DumpPreUserCmd status returns
2009-12-01 10:49:38
Jeff writes:
> The only challenge is that commands like DumpPreUserCmd are executed
directly without a shell which means I have to either wrap it in a
> script or in some "bash -c" ugliness.
Yes.
> Which brings to mind a suggestion...
> Why not execute these commands in a shell.
> They are not run that frequently (once per day per host) so the
> overhead of launching a shell would be low while the benefit would be
> high in terms of flexibility.
It's not the overhead - the goal is to avoid potential security
issues with shells (which come from all the flexibility it offers).
While a shell can certainly be used securely (including careful
argument checking, using absolute paths for executables, using -b
etc), one of several risks include having someone sneak in arguments
that include meta characters (eg "; /bin/rm -rf /").
Craig
------------------------------------------------------------------------------
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing.
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [BackupPC-users] DumpPreUserCmd status returns,
Craig Barratt <=
|
|
|