gabriel rosenkoetter on Mon, 17 Jun 2002 05:20:13 +0200
On Sat, Jun 15, 2002 at 02:00:05PM -0400, Fred K Ollinger wrote:
> The user does supply one of the strings, but I'm not going to do a system
> b/c I don't know how to get that to work easily w/ a pointer to a char
> array.

Um... just because you're not using system(3) doesn't mean that you can
trust user input data. It's easy to say, "Oh, no one will try to exploit
this now..." and have it all come crashing down five years out when
someone else has taken your code and run with it. Do it right the first
time, every time.

> This is an installer that has to run as root. It's so alpha, someone would
> have to be a real masochist to try it out, but it does warn the user of
> such. :)

Why does it have to run as root? There's no reason that any software
should have to be run as root under Unix. Sure, if it's to be installed
such that all the users can get at it, it's something that's *typically*
run as root, but there's no very good reason for that. What if a user
wants to install this under his home directory? Why build in artificial
limits?

--
gabriel rosenkoetter
gr@eclipsed.net