[ILUG] is libxml(2) insecure?
Paul Jakma
paul at clubi.ie
Fri Oct 29 09:54:44 IST 2004
On Fri, 29 Oct 2004, Laur Ivan wrote:
> Hi all,
>
> I guess the subject says it all :). I'm thinking of writing a rc.d
> daemon and had a look in /etc/sysconfig to get a feel for the type
> of configuration files used by the "network start/stop". ...and
> noticed that all files I looked at are ".ini" style (aka
> "Key=Value").
They're not. They're shell scripts, and they're get sourced init
scripts. You could in theory put arbitrary bash shell into them,
though seeing as how they're only ever used for variable definitions,
i suspect it'd be bad form to put anything but variable definitions
in them.
Anyway, they're shell script "snippets".
> Few questions arise:
> 1. Is this the generic case?
For /etc/{default,sysconfig} files? yes.
> 2. Besides the ability to include such linear files in scripts
> through ". script", is there any other reason?
no idea.
> 3. Is the XML library a security risk? Would it be ok use it for
> configuration storage/processing?
no idea.
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
Dogs just don't seem to be able to tell the difference between important people
and the rest of us.
More information about the ILUG
mailing list