Date: Thu, 06 Nov 1997 01:38:59 GMT From: mouth@ibm.net (John Kelly) To: questions@FreeBSD.ORG Cc: questions@FreeBSD.ORG Subject: Re: question Message-ID: <34631eb5.186620704@smtp-gw01.ny.us.ibm.net> In-Reply-To: <199711051856.KAA09855@foo.primenet.com> References: <Pine.BSF.3.96.971105083016.244A-100000@dreamworld.demon.co.uk> <3460990c.152757135@smtp-gw01.ny.us.ibm.net> <199711051856.KAA09855@foo.primenet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 5 Nov 1997 10:56:59 -0800 (PST), "Bryan K. Ogawa" <bkogawa@primenet.com> wrote: >>One of my first changes after an install is PATH in .profile, where I >>add a colon to the front of the path so that my current directory is >>found in my path. >Executing unexpected things in the current directory is a potential >security risk. > >Consider the following script, put into a large directory and >named "sl". Perhaps on a multiuser system where root has changed to a user's directory. But if the system is not multiuser, how can "sl" get there at all? John
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34631eb5.186620704>