Date: Tue, 25 Jun 1996 19:03:49 GMT From: hal@snitt.com (Hal Snyder) To: chat@freebsd.org Subject: The Vinnie Loophole Message-ID: <31d0216c.1105698438@vogon.trans.sni-usa.com>
next in thread | raw e-mail | index | archive | help
[Moved from security to chat for soapboxing] I said: > > 1. How about adding checks for "." or equivalent in $PATH to > > /etc/security? Scan for it in .profile, .bashrc, and so forth. This > > would not catch every offense but would help. David Greenman didn't want something scanning whole file systems (the way /etc/security looks for setuid/setgid changes now). And On Tue, 25 Jun 1996 12:42:33 -0400 (EDT), Jeff Aitken <jaitken@cslab.vt.edu> wrote: > filling my system logs is *not* what I consider helpful. If you put "." > last in the path you should be fine. Previous contributors to the massive "Please Help Me..." thread have pointed out that this only works if you never misspell a command nor try to use one that isn't in your PATH (ping is often not in an ordinary user's PATH, e.g.). Clearly, there is no way to please all users of an operating system. My particular slant comes from spending too much time already dealing with FreeBSD-phobes at work. ("It's free - it can't possibly be: secure/robust/useful/...") Commercial users want to be reassured by sales droids and glitzy packaging that something is basically O.K. Of course, they are also suspicious of open-ended technology like UNIX, that can perform more than a single, simple function. Anything that can be done to keep novice sysadmins from hurting themselves is worth looking at, just to keep the noise level down about how dangerous U**X is.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?31d0216c.1105698438>