Re: Unable to start program

To: debian-user@lists.debian.org
Subject: Re: Unable to start program
From: Daniel Martin at cush <dtm12@jhunix.hcf.jhu.edu>
Date: Wed, 08 Apr 1998 16:32:51 -0400
Message-id: <87ogycawb0.fsf@cush.dyn.ml.org>
In-reply-to: Torsten Hilbrich's message of "08 Apr 1998 13:09:31 +0200"
References: <Pine.LNX.3.96.980407011055.8940J-100000@pc47.mpn.cp.philips.com> <9837.23651.767@marvin.bln.de> <87wwd0wowk.fsf@marvin.bln.de>

Torsten Hilbrich <Torsten.Hilbrich@gmx.net> writes:

> Daniel Martin at cush <dtm12@jhunix.hcf.jhu.edu> writes:
<SNIP>
> > root's initialization files, or into the system-wide path.  (I should
> > qualify this with the statement that I don't completely understand why 
> > this is a security hole when it's done as the last component of the
> > PATH, but...)
> 
> Quite simple, think of a command named sl put in some users home
> directory and root which tries to type ls but accidently typed sl.  If
> cwd is that directory the program sl is executed with root priviledge
> :-(.

Fair enough; I was thinking that no one would be careless enough to
allow typos into command lines typed in a root shell.  (I know that I, 
for one, am painstakingly careful about what I type as root after
hosing a slackware system three years back with an accidental 
'rm -r /lib' - I had meant to do 'rm -r /lib/pbmcompat/' but on that
keyboard the '/' and return were just too close together...)

--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: Unable to start program
  - From: Joost Kooij <kooij@mpn.cp.philips.com>
- Re: Unable to start program
  - From: Torsten Hilbrich <Torsten.Hilbrich@gmx.net>

Prev by Date: Re: Tkdesk error
Next by Date: [no subject]
Previous by thread: Re: Unable to start program
Next by thread: Where is telnet and ftp ?
Index(es):
- Date
- Thread