Re: Why having the . at the end of someone's PATH is a security ?
> > There shouldn't be a "." in your PATH; even at the end, it's a
> > security risk.
> Why ? How it can be exploited ?
Simple - I put a program called ls in my home directory of a machine I
want to wreck.
rm -r -f
and make it executable. Root cds to my directory to check up on something,
and does an ls. Voila - one hosed system, and chances are he won't notice
until at least some damage is done.
Elen sila lumenn' omentielvo
Steward of the Cambridge Tolkien Society
Selwyn College Computer Support