Re: Unable to start program
Torsten Hilbrich <Torsten.Hilbrich@gmx.net> writes:
> Daniel Martin at cush <dtm12@jhunix.hcf.jhu.edu> writes:
<SNIP>
> > root's initialization files, or into the system-wide path. (I should
> > qualify this with the statement that I don't completely understand why
> > this is a security hole when it's done as the last component of the
> > PATH, but...)
>
> Quite simple, think of a command named sl put in some users home
> directory and root which tries to type ls but accidently typed sl. If
> cwd is that directory the program sl is executed with root priviledge
> :-(.
Fair enough; I was thinking that no one would be careless enough to
allow typos into command lines typed in a root shell. (I know that I,
for one, am painstakingly careful about what I type as root after
hosing a slackware system three years back with an accidental
'rm -r /lib' - I had meant to do 'rm -r /lib/pbmcompat/' but on that
keyboard the '/' and return were just too close together...)
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: