Date: Wed, 18 Nov 1998 21:05:43 +0100 (CET)
Organization: Ninth Circle Enterprises
From: Jeroen Ruigrok/Asmodai
To: Jonathan Chen
Subject: Re: C executables
Cc: G578@ix.netcom.com, freebsd-questions@FreeBSD.ORG

On 18-Nov-98 Jonathan Chen wrote:
> On Wed, 18 Nov 1998, Jeroen Ruigrok/Asmodai wrote:
>> On 18-Nov-98 Jonathan Chen wrote:
>> And by doing that ye start the slow descent into security compromise. If one
>> would have . in their PATH ye are risking to faster execute malicious code
>> than by doing ./name.
>
> It all comes down to the compromise between security and convenience.
> Having the current directory in PATH as root is *ALWAYS* a bad idea,
> but as a std. user is mostly fine (and very convenient) if you're
> developing applications; and if you ever run a trojan (what were you
> doing peeking into other people's directories?), the only person you'd
> affect is yourself - system security is *not* compromised.

Mayhaps, but as I have learned by now: security can never be put back. Not even
at yer home system IMO.

That's what started all this virus/trojans stuff on Windows platforms in the
first place: user carelessness...

Depends, most users log in as root... See my point?

I agree on most of yer points, but given what I do for work I would get my arse
kicked for allowing PATHs like . =)

---
Jeroen Ruigrok van der Werven/Asmodai
asmodai(at)wxs.nl                   | Cum angelis et pueris,
Junior Network/Security Specialist  | fideles inveniamur
*BSD & picoBSD: The Power to Serve...
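
A check for the PATH setting this thread argues about, as an added example that is not part of the original message. The function name `audit_path` and the sample values are made up here; it lists entries that resolve to the current directory, including the empty entries left by a leading, trailing or doubled colon, and notes whether each one is searched before or after the other directories.

```shell
#!/bin/sh
# Added example: report PATH entries that resolve to the current directory.
# audit_path is a hypothetical helper name, not an existing tool.
# Usage: audit_path "$PATH"   (exit status 0 = clean, 1 = findings printed)
audit_path() {
    rest="$1:"      # sentinel colon so a trailing empty entry is not lost
    pos=0
    bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # everything after that colon
        pos=$((pos + 1))
        case $entry in
            '')  why='empty entry, the shell treats it as the current directory' ;;
            .)   why='current directory' ;;
            /*)  continue ;;    # absolute path: not what this check looks for
            *)   why='relative path, resolved against the current directory' ;;
        esac
        bad=$((bad + 1))
        # Position matters: an early entry wins over every directory after it.
        if [ -n "$rest" ]; then
            when='searched before later entries, can shadow their commands'
        else
            when='searched last, only reached by names found nowhere else'
        fi
        printf '%d: "%s": %s; %s\n' "$pos" "$entry" "$why" "$when"
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample values, not taken from any real system.
for sample in '/usr/bin:/bin' '.:/usr/bin:/bin' '/usr/bin:/bin:' '/usr/bin::bin'; do
    printf 'PATH=%s\n' "$sample"
    audit_path "$sample" || true
done
```
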