Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!cs.utexas.edu!convex!usenet From: tchrist@convex.COM (Tom Christiansen) Newsgroups: comp.lang.perl Subject: Re: I get "Insecure PATH" when I run commands from emacs... Message-ID: <1991Jun17.011615.13952@convex.com> Date: 17 Jun 91 01:16:15 GMT References: <1991Jun16.212315.4751@convex.com> Sender: usenet@convex.com (news access account) Reply-To: tchrist@convex.COM (Tom Christiansen) Distribution: comp.lang.perl Organization: CONVEX Software Development, Richardson, TX Lines: 17 Nntp-Posting-Host: pixel.convex.com From the keyboard of chetal@pyrps5.pyramid.com (Pradeep Chetal): :It is a setgid emacs running on the system. :It also shows the egid when I run the "id" script :via "emacs" as a Shell command. Since I do NOT have :any control over the emacs, can I change the programming style so that :I do NOT get the "Insecure PATH" problem. OR I should avoid such :programming practice. I smell a security hole. emacs should not run sgid, and if it really must, it should do a setgid(getgid()) before and fork/execs. If you're going to make a special group for protection, why let anyone who wants to run in it whenever they wish? --tom -- Tom Christiansen tchrist@convex.com convex!tchrist "So much mail, so little time."