"Outlook not so good."
Outlook is a Microsoft product. This is an article about IBM, so the 8-ball would have to say "Lotus Notes not so good."
No, it went boom, THEN fell down.
So, we built a second one. That one went boom, fell down, then sank into the swamp.
But the third stage stayed up. And that's what you'll have lad, the strongest launch platform in these isles.
And Bash is even executed when you open(INFILE, "/usr/bin/xzgrep error
Yes, there are other ways to do this (call xz directly without the xzgrep wrapper, use IO::Compress::xz, etc).
Ok, perhaps I undermined the importance, but if you are using 'xzgrep' in cgi context in a serious situation, I would say that is still a mistake. Forking and execing in response to an http request is terrible performance-wise before getting to the security dubiousness of it all.
The dhclient-script stuff is pretty significant and I think I would be in a weak position saying that those have no business execing system commands/scripts. However it does suggest it may be worthwhile to have a helper that is non-root with capabilities to allow it to do key stuff to limit its ability.
# run under mod_perl
print "Content-Type: text/plain\n\n";
Can you see how this perfectly secure quick CGI to find errors in your log file would result in a system compromise?
The other reasonable vector is the use of environment variables set by your dhcp client before running
For example, xzgrep on my Ubuntu system is a bash script, so this is vulnerable:
- The universe did not come from nothing. Thermodynamics prevents this.
- The universe did not create itself. Thermodynamics prevents this.
- The universe was not created.
You left out the most important 4th point:
- Ergo, the universe does not exist.
I guess that disproves the Big Bang Theory! Now what show am I going to watch?
Maybe try something with a little less scientific rigor... How about COSMOS: A Spacetime Odyssey
You have a multi-billion-dollar-sales patented drug? Chip in 0.5% of the revenue to fund NIH grants. Or make your own equivalent grants to truly independent researchers.
Enter into a licensing deal on a drug patent? Chip in 0.5% of the revenue to fund grants.
Isolate out the caffeine genes, and start adding it to other plants. There are times I'm eating breakfast, and I'm thinking "Why am I only getting caffeine from the coffee? Buzz up them hashbrowns! Perk up that toast! If we can introduce it into animals, think about caffeinated eggs, or butter, or cheese. We can finally jitter up the world."
To heck with that, splice that gene into a retrovirus, and let me caffeinate every cell in my body!
Build a system that even a fool can use and only a fool will want to use it.