[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: all xterms

On Wed, Nov 03, 1999 at 04:45:22PM +0100, Tomasz Wegrzanowski wrote:
> > I think I can guess at least one possible reason for doing this.
> > By searching anywhere in the path, especially with these particular
> > programs, you introduce a *potential* security hole. Knowing exactly
> > which pgp/gpg binary you're running is a Good Thing. [2]
> NO, you are completely WRONG. If one have $PATH pointing to
> world-writable directory he has already NO security AT ALL ! This is
> not *potential* security hole.

Sure, if you ever have a world writeable directory in $PATH
that's a security hole -- someone can put an ls that does whatever
they want, with your permissions.

Simple solution: don't do that.


Reply to: