[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unable to start program

Torsten Hilbrich <Torsten.Hilbrich@gmx.net> writes:

> Daniel Martin at cush <dtm12@jhunix.hcf.jhu.edu> writes:
> > root's initialization files, or into the system-wide path.  (I should
> > qualify this with the statement that I don't completely understand why 
> > this is a security hole when it's done as the last component of the
> > PATH, but...)
> Quite simple, think of a command named sl put in some users home
> directory and root which tries to type ls but accidently typed sl.  If
> cwd is that directory the program sl is executed with root priviledge
> :-(.

Fair enough; I was thinking that no one would be careless enough to
allow typos into command lines typed in a root shell.  (I know that I, 
for one, am painstakingly careful about what I type as root after
hosing a slackware system three years back with an accidental 
'rm -r /lib' - I had meant to do 'rm -r /lib/pbmcompat/' but on that
keyboard the '/' and return were just too close together...)

To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: