
Although, as we’ve seen, the run program by itself is a powerful feature, it is not without risks. Code injection is the appropriate keyword here. Just imagine that a run program like the following has been configured:
run program = /bin/bash -c "ls -l $DIRSPEC"
And that DIRSPEC is a parameter of type parameter. That means that if someone has operating privileges for that job, that person is able to change the contents of the DIRSPEC parameter. Hence, it wouldn’t be a problem at all to change the...
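The sketch below is an added illustration, not code from the product or its documentation: it reproduces the run program above in plain shell next to a form that passes the value as an argument, plus an allowlist check a wrapper script could apply. The function names and the sample value are made up for the example, and it assumes the parameter value is inserted textually into the command before the shell parses it.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not scheduler features.
# Assumption: the parameter value is pasted into the command text before the
# shell parses it, which the outer double quotes below reproduce.
SH=/bin/bash; [ -x "$SH" ] || SH=/bin/sh   # fall back where bash is absent

# Weak form: DIRSPEC becomes part of the script that the shell parses, so
# metacharacters such as ';' in the value start further commands.
run_unsafe() {
    "$SH" -c "ls -l $1" 2>&1
}

# Hardened form: the script text is constant (single quotes) and the value
# arrives as positional argument $1; '--' stops ls reading it as an option.
run_safe() {
    "$SH" -c 'ls -l -- "$1"' _ "$1" 2>&1
}

# Allowlist check for a wrapper script: plain path characters only,
# not empty, no leading '-'.
valid_dirspec() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_./-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Validate first, then run the hardened form; exit status 2 means rejected.
run_checked() {
    if valid_dirspec "$1"; then
        run_safe "$1"
    else
        echo "rejected DIRSPEC value" >&2
        return 2
    fi
}

payload='/tmp; echo injected-marker'    # constructed sample value
run_unsafe "$payload" | tail -n 1       # last line shows the extra command ran
run_safe "$payload" || true             # ls reports one nonexistent path
run_checked "$payload" || true          # refused before any command runs
```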