Re: all xterms
On Wed, Nov 03, 1999 at 04:45:22PM +0100, Tomasz Wegrzanowski wrote:
> > I think I can guess at least one possible reason for doing this.
> > By searching anywhere in the path, especially with these particular
> > programs, you introduce a *potential* security hole. Knowing exactly
> > which pgp/gpg binary you're running is a Good Thing. [2]
>
> NO, you are completely WRONG. If one have $PATH pointing to
> world-writable directory he has already NO security AT ALL ! This is
> not *potential* security hole.
Sure, if you ever have a world writeable directory in $PATH
that's a security hole -- someone can put an ls that does whatever
they want, with your permissions.
Simple solution: don't do that.
--
Raul
Reply to: