<div dir="ltr">Just because the process doesn't run as root is not a free ride to user security. Outside data being run as a user is also suspect. User privilege escalation is a cause for concern. Never trust data from outside under any reason. untaint always with no exceptions. untaint even your own data just to stay in the habit.<br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 8, 2014 at 10:02 AM, Lists <span dir="ltr"><<a href="mailto:lists@serioustechnology.com" target="_blank">lists@serioustechnology.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Is there any reason to untaint data in a script that is not run by root or any other system userid? <br>
<br><span style="font-size:13pt">Geoffrey Myers</span></div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div>
</div>