[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why having the . at the end of someone's PATH is a security ?

> > There shouldn't be a "." in your PATH; even at the end, it's a
> > security risk. 
> Why ? How it can be exploited ?

Simple - I put a program called ls in my home directory of a machine I
want to wreck.

cd /
rm -r -f

and make it executable. Root cds to my directory to check up on something,
and does an ls. Voila - one hosed system, and chances are he won't notice
until at least some damage is done.


Elen sila lumenn' omentielvo

Steward of the Cambridge Tolkien Society
Selwyn College Computer Support

Reply to: