From owner-freebsd-current Wed Oct 9 18:29:01 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA27650 for current-outgoing; Wed, 9 Oct 1996 18:29:01 -0700 (PDT) Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA27644 for ; Wed, 9 Oct 1996 18:28:58 -0700 (PDT) Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id KAA16373; Thu, 10 Oct 1996 10:58:45 +0930 From: Michael Smith Message-Id: <199610100128.KAA16373@genesis.atrad.adelaide.edu.au> Subject: Re: /usr/bin/install in -current broken To: richardc@CSUA.Berkeley.EDU (Veggy Vinny) Date: Thu, 10 Oct 1996 10:58:44 +0930 (CST) Cc: imp@village.org, current@freebsd.org In-Reply-To: from "Veggy Vinny" at Oct 9, 96 01:33:24 pm MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Veggy Vinny stands accused of saying: > > Hmmm, is moving the '.' to the last component in the path still a > security risk? I guess you are right that I don't want to have it in > root's path but I guess as the last component it should be okay since no > one can name something with the same name and have me run it... =) How long is it since you typo'ed a command as root? 'xs' instead of 'cd', 'la' or ';s' instead of 'ls', or 'mroe' or 'dirt' (if you're an ex-DOS/VMSer) or whatever. Don't do it. Only put trusted directories on your path as root. > -Vince- GaiaNet Corporation Unix Networking Operations -- ]] Mike Smith, Software Engineer msmith@atrad.adelaide.edu.au [[ ]] Genesis Software genesis@atrad.adelaide.edu.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control (ph/fax) +61-8-267-3039 [[ ]] Collector of old Unix hardware. "Where are your PEZ?" The Tick [[