Date: Wed, 18 Sep 1996 07:12:42 -0400 From: Gary Chrysler <tcg@ime.net> To: moos@degnet.baynet.de Cc: FreeBSD-questions <questions@freebsd.org> Subject: Re: Quick Question Message-ID: <323FD92A.267@ime.net> References: <323F22DE.6E24@ricochet.net> <323F4A17.EB9@ime.net> <323FC77F.CFC@degnet.baynet.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Darius Moos wrote: > > Please explain to me why this is a security-risk. I've always had > "." in my PATH. > > Darius Moos. > > Gary Chrysler wrote: > > gordon rios wrote: > > > Hello: > > > Sometimes in a directory I created from my home directory I get the error > > > Thanks, > > > Gordon P. Rios > > I've seen several replys about adding '.' (dot) to the PATH > > statement, IMHO this really is not a good habbit to get into > > especially for the 'root' user! Doing so is a potential > > security risk! > > > > I suggest just typing ./hello > > > > -Enjoy > > Gary > > ~~~~~~~~~~~~~~~~ > > Improve America's Knowledge... Share yours > > The Borg... Where minds meet > > (207) 929-3848 > > -- > > email: moos@degnet.baynet.de If your in a users directory and they have a executable called 'ls' in there that gets your root password, writes it to a file then deletes itself and calls the real 'ls'.. Now that user has your root password! If you look back in the archives you will find a lengthly discussion on this matter! Several reasons were given! -Enjoy Gary ~~~~~~~~~~~~~~~~ Improve America's Knowledge... Share yours The Borg... Where minds meet (207) 929-3848
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?323FD92A.267>