Re: from a.out to running the darned thing.
On Sun, Jan 23, 2005 at 11:06:53PM -0600, Kent West wrote:
> Travis Crump wrote:
> >I understand . since . could potentially be an insecure directory like
> >/tmp, but what is wrong with ~/bin? If an attacker is able to place a
> >binary in ~/bin doesn't he already have the permissions to do "rm -rf
> >~" himself?
> No, "~/bin" is not the same as "/bin". "~/bin" is the current user's
> directory. Still, I'm not sure that "~/bin" represents a threat, because
> the bad guy's "~/bin" won't be in root's path, and the bad guy
> presumably won't be able to put a bad file in root's "~/bin", which may
> be what you're saying above.
> But having "." in one's path is definitely risky.
You don't have to worry about bad guys to be fearful of . in one's path.
Most problems in computer use are self-inflicted user errors. Keeping .
out of PATH protects mere mortals from some of their mistakes.
Paul E Condon
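
Added example, not part of the original thread: a POSIX shell function that audits a PATH string for the entries discussed above. It flags ".", empty entries (which the shell also treats as the current directory), other relative entries, and world-writable directories such as /tmp. The function name audit_path is an assumption made for this example.

```sh
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per risky entry; returns 0 if the PATH is clean, 1 otherwise.
# Usage: audit_path "$PATH"
audit_path() {
    flagged=0
    index=0
    # Append ':' so that a trailing empty entry is not lost while splitting.
    rest="${1}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first ':'
        rest=${rest#*:}        # text after the first ':'
        index=$((index + 1))
        case $entry in
            '')
                # A leading, trailing or doubled ':' yields an empty entry,
                # which the shell searches as the current directory.
                echo "entry $index: empty entry (same as '.')"
                flagged=1 ;;
            .)
                echo "entry $index: '.' (current directory)"
                flagged=1 ;;
            /*)
                # Absolute path: flag it if any user may create files there.
                # find prints the directory only when the other-write bit is set.
                if [ -d "$entry" ] &&
                   [ -n "$(find "$entry" -prune -perm -0002 2>/dev/null)" ]; then
                    echo "entry $index: world-writable directory '$entry'"
                    flagged=1
                fi ;;
            *)
                # Anything else is resolved relative to the current directory.
                echo "entry $index: relative entry '$entry'"
                flagged=1 ;;
        esac
    done
    return $flagged
}
```
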