Arno Lehmann wrote: > Thinking about it some more I'd suggest to implement some basic security > features before passing any script output to baculas working parts. > > - paths without leading / (or drive letter, for windows) should be > considered an error, > - \0 should be an error, > - scripts should have to be owned by root or the user bacula runs as and > must have access rights 0700. For example.
None of these would protect against a directory name which ends in \n -- Russell Howe [EMAIL PROTECTED] ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
