A good idea.
Is this checked via SELinux or via the login process?
11734 posts • joined 3 Jun 2008
Absolutely, the problem is where the problem is.
But so what?
Go into IT, discover something new every day!
You cannot graft anything to bash without ending up with an eldritch horror that will haunt your nights. The man page insinuates as much.
But ksh and csh are not the way to go.
Just take a proper script language with minimal syntax, preferably functional (hint lots of parentheses hint), that has some syntactically nice ways to start processes and network/control them like a good process juggler, with workflow features and ETL gimmicks directly included.
As for Powershell ... yeah, I have the book by Manning, but, ... I still have to make time for it.
"I don't know who Alan Geer is, and with the following quote from his article I can't be bothered to find out"
Frankly, you should.
You should also stop jumping at words like a neurotic. In my opinion, anything downwards of using a theorem prover that your code does exactly what it says on the tin is "looking at code". And then you need to look at the tin...
Troll/10, would inject code with.
Where is the "This is bait" icon?
I think I met her in a bar yesterday.
even when /bin/sh will do.....
When exactly will /bin/sh do and why should it have helped in any real-world situation (leaving aside 20/20 hindsight)?
If someone produced scripted code for me that was dependant on bash (or zsh/tcsh/mksh/ etc.) for no good reason, I'd seriously question their ability.
The only thing in question is whether you are the pointy-haired boss of Cave Jclson, the RPG programmer moaning about the kids and their modern structured programming.
It clearly is break.
And if you find yourself wondering more than 15 minutes about what bash substitution will do to the variable-holding text that you have just written and are passing to another command or even an eval ... you know there is a nagging problem of reliability and trust that you will be unable to ever shake.
In "Inviting More Heartbleed" (paywalled here ... what do you think you are doing, IEEE?), Alan Geer says:
At this point, we should ask ourselves a core question: Does looking at code actually work as a quality assurance mechanism? DES got more study than any other crypto algorithm ever will and serves as an existence proof that eyeballs can work. Evidently the eyes on it were pretty good, better than the open literature knew at the time. But the DES algorithm, even in optimized implementations, seldom runs longer than 2,000 lines of source code, whereas OpenSSL is more than 2,000 files with north of 600,000 lines of content. Does that mean OpenSSL needs 300 times as many eyeball-years to get it as good as DES? Perhaps the count of available eyes should serve as a limit on the size of a code base.
Bruce Schneier has asked whether security bugs are rare or plentiful. We don’t know. Theo de Raadt’s contention that all bugs are security bugs seems a bit too strong but better that than too weak. Either way, will a determined effort to find bugs yield security value? Yes, if bugs are rare enough that by removing what we find, we materially lower the count of bugs still in operation. If, by contrast, bugs are so plentiful that we can’t make a dent in the overall supply, then finding more is a waste of time as the ensuing work factor doesn’t change the equation one iota.
Given that it’s harder to find bugs in complex operating environments than in simple ones, is there something about how we do things today that has caused us to pass a threshold of complexity, a threshold beyond which quality assurance, no matter how we attempt it, will be infeasible at the level of effort we can or will put to the problem? Again, is the eyeball supply in a continuing shortage such that we should manage it? Have we reached “peak eyeballs” the way some say that we’ve reached “peak oil?”
I've about 40 of these accounts out there and I don't know about anyone else, but I wipe the environment at the top of the script intentionally.
I understand that at this point it's too late?
I seem to recall an input in Java 1.5.(something) that could be used to fork a shell out of a jvm.....
No. You need to run
Process p = Runtime.getRuntime().exec("bash -c '" + injectCommandLikeABeachedWhale() + "'");
Running bash scripts to process requests on a web server is 1980-era software design that is in dire need of an upgrade anyway
Doc Brown, you need more jigawatts!
I know that for some Gulf War I was before they were born, but still!
What service do you have listening for TCP calls that will run a bash script with an environment crafted by the caller?
Why would anyone do such a weird thing?
Everybody who uses old-school CGI or anybody who hacked some stuff back in 2000 on the quick?
Yes, yes, yes.
In other news, homeopathy is still a hot topic.
"Illegal State of Siria and the Login"
Damned bash who does it work?
"The big public infrastructure-as-a-service (IaaS) players may be on the brink of a crisis as cataclysmic as the 2008 banking crash"
Yes, but the whole economy is also on the brink of a crisis far more cataclysmic than the 2008 banking crash and the 2001 dot.com crash. Where is your credit now?
Let's invest in a couple of on-premise servers.
In today’s post Wolf Richter offers some solid insights on the dynamics of financial bubbles which merit further comment. The starting point is to recognize that once they gain a head of steam, financial bubbles tend to envelope virtually every nook and cranny of the economy, creating terrible distortions and destructive excesses as they rumble forward. In this instance, Wolf Richter explains how Silicon Valley has once again (like 1999-2000) been transformed into a rollicking capital “burn rate” machine that has spawned a whole economy based on striving for bigger losses, not better profits.
This latter development—currently exemplified by 44 VC start-up companies in the IPO pipeline with a valuation of more than $1 billion each, despite no earnings and scarce revenues—is indicative of late stage bubble dynamics. Say January 2000!
"He said nobody predicted the financial meltdown in the banking sector"
That wheeled armored vehicle on the diagram seems to be increasingly Ukrainized by mysterious radiation from space while the F-16 just receives wholesome blue emissions. What's going on?
Oh beautiful 21st century of amazements and sheer wonder.
gb2 /b/, *****
So Emma Watson is just collateral damage in .... a marketroid campaign performed by people who can't into securing the Apache webserver status page?
We are reaching "CoS pulling a Xenu" levels of QUALITY here.
But there is no shlickening?
Not enough feminism, I say!
"I don't understand the obsession people have with adjusting thermostats."
It's the new "cooller app"
A security issue has been identified on our WiFi Thermostat…
The issue consists in the fact that it exists.
This would mean the going price is 36x the YoY profit? Clearly a generational game.
"Who's your co-pilot?" asked PDP-1 Kenobi.
"Two Bacco, here, my Bookie."
"Odds aren't good," said the brownish lump beside him, and then fell silent, or over.
Did they include REMAINS of druidic underground passages opening on stairways guarded by GIGANTIC STONES leading to VAST, HIDDEN abysses wherein waft MEPHITIC VAPORS of SHOCKING DECAY and the faint sound of MAD PIPING and DRUMMING coming from the UTTER DARKNESS below is just an indication that here lurks UTTER TERROR that is best left alone?
The mere fact that "it's not Windows 8" will move a ton of copies, since the whole "every second version is crap" pattern is widely believed.
But has anyone outside of late-night geek talking circles ever heard of it?
"On September 30, we will be providing an update on what’s next for Windows and the enterprise."
jQuery security bods found no evidence that its site was foisting the drive-by download however
After verifying that the site was indeed redirecting users to a malware dropper, we immediately contacted jQuery.com to alert them to the attack. While they weren’t able to determine the root cause of the attack, the site’s administrators were addressing the issue.
Hitting this redirector, we continued to be redirected to the RIG exploit kit, even though we weren't able to replicate the script injection on jQuery.com with subsequent requests.
So what's the actual status?
... the ISS would host a wormhole portal and SpaceX would bring down rare artifacts and mysterious specimens from unknown biospheres.
Fruit flies? PAH!
> prestigious organisation which deserves respect,
Pretentious organization which deserves all the disrespect one can muster?
Why anyone would freely choose to work there is beyond me.
What makes you think this is the case?
Andrei Linde's theory of cosmic inflation – that for a few moments the expansion of space exceeded the speed of light.
I am shocked! I always thought that Alan Guth came up with inflation and that Andrei Linde only tacked the "inflationary multiverse" idea onto this, whereby the visible universe is just a local region of a forever inflating bubbly multiverse, where the various regions of that multiverse may or may not have varying values for natural constants. This idea is somewhat romantic though largely content-free and to all likelihood forever unverifiable. Not to be confused with the stringy multiverse whereby there are alternate realities that exist in some sort of quantum superverse, an idea which is content-free-er and frankly bonkers metaphysical.
Humanity is pretty good at covering up the existence of aliens and feeding goats to aliens who also mutilate cows in alien ways, meanwhile conspiring with aliens to modify human DNA, possibly via bees carrying alien nanovirus, and re-electing politicians controlled by aliens and having aliens take honorary seats at the trilateral commission while unfairly stealing and reverse-engineering the technology of creative aliens as well as crashed alien craft where we hide the alien corpses in nitrogen-cooled fridges, so that even the aliens do not notice that they are being taken for an alien rickroll.
We are actually the masters of Soviet-Style "technology transfer". Just pray there is no alien WIPO out there, otherwise that's gonna be costly.
Humans fuck year!
If asteroids (etc) mass is/are reduced via mining, could that affect their trajectory (especially in regards to gravitational pull from other masses) and therefore endanger the earth?
Evidently, you need to blast chunks uniformly at random in all directions to keep the vector sum of momentum changes at 0. This is also called "goan fish curry mining".
> I call fake ;(_ The shadows are wrong!
Damn, this looks like a shot from a movie version of "The Martian Chronicles".
Why are there no STARS in space?....Not a single speck of light anywhere on the NASA photos?
Because NASA was totally fecking clueless and got some cheap black-painted dome installed by barely-literate Chinese migrant workers instead of properly hiring Stanley Kubrick to do full-star awesome super-effects like he did a year earlier with "2001 - A Space Odyssey".
It's simple really. Then they had to set up O.J. Simpson for murder because the Mars Landing Project bombed when the Face on Mars was discovered (and what was underneath) and whistles got blown out of proportion, but that is another horror story involving Agent Orange and Oswald.
I am extremely dismayed and shocked. It is good that private companies step up to the plate and nip this kind of antisocial behaviour in the bud.
A visit to the Ministry of Love for reeducation should be mandatory.
The Wifi connection from the pub downstairs will now be taken away!
On the other hand, Phones4U has no god-given (or govt-mandated) right to play as an intermediary of the carrier and the customer.
It may exploit a niche for some time, but niches have the nasty tendency to close.
"Capitalism" is not about preservation.
Reptilian sex is not very exciting though.
That kind of prayer might well lead to a liberating action by the US air force. You don't want that.
You take the Red Pill - and I will show you how deep the Oculus Rift goes!
I think this is still tongue-in-cheek:
Announced at Sony’s Tokyo Game Show press conference, Summer Lesson is a virtual reality game where it appears you will tutor a Japanese schoolgirl using Project Morpheus. If this is released, public officials fear Japan’s population will hit zero before 2100.
“There is no turning back if this game is released,” explained population scientist Akita Osamu, “Japan’s population is already under attack and Summer Lesson will be the finishing blow. It is already affecting Japan as we speak. I am currently single and I have already pre-ordered this game earlier today. I will die alone and that is perfectly fine with me and Nahoko which is the name of the girl I have chosen for Summer Lesson.”
Even Japan’s prime minister Shinzo Abe personally went out of his way to beg Sony CEO Kazuo Hirai to prevent the release of this game. Unfortunately, Hirai said that it was out of his hands arguing that Japan would eventually fall victim to a game like Summer Lesson and believed it would be most honorable if Japan did it to themselves rather than having a game from the American Oculus Rift do it.
They are probably setting up another kickstarter campaign?
I also noticed that in the new TV show "Glue" all the teen kids on that have Nokia Lumia phones
But this be just product placement, innit?
It would be awesome if these were like giant robots and stuff and a fistfight or a flaming-sword-fight would break out on the way.