From owner-freebsd-questions Wed Nov 5 16:37:54 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA22904 for questions-outgoing; Wed, 5 Nov 1997 16:37:54 -0800 (PST) (envelope-from owner-freebsd-questions)
Received: from out2.ibm.net (out2.ibm.net [165.87.194.229]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA22899 for ; Wed, 5 Nov 1997 16:37:52 -0800 (PST) (envelope-from mouth@ibm.net)
Received: from slip129-37-53-84.ca.us.ibm.net (slip129-37-53-84.ca.us.ibm.net [129.37.53.84]) by out2.ibm.net (8.8.5/8.6.9) with SMTP id AAA56116; Thu, 6 Nov 1997 00:37:42 GMT
From: mouth@ibm.net (John Kelly)
To: questions@FreeBSD.ORG
Cc: questions@FreeBSD.ORG
Subject: Re: question
Date: Thu, 06 Nov 1997 01:38:59 GMT
Message-ID: <34631eb5.186620704@smtp-gw01.ny.us.ibm.net>
References: <3460990c.152757135@smtp-gw01.ny.us.ibm.net> <199711051856.KAA09855@foo.primenet.com>
In-Reply-To: <199711051856.KAA09855@foo.primenet.com>
X-Mailer: Forte Agent 1.01/16.397
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id QAA22900
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 5 Nov 1997 10:56:59 -0800 (PST), "Bryan K. Ogawa" wrote:

>>One of my first changes after an install is PATH in .profile, where I
>>add a colon to the front of the path so that my current directory is
>>found in my path.

>Executing unexpected things in the current directory is a potential
>security risk.
>
>Consider the following script, put into a large directory and
>named "sl".

Perhaps on a multiuser system where root has changed to a user's
directory. But if the system is not multiuser, how can "sl" get there
at all?

John
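
Added example, not part of the original message: a POSIX sh check that lists the PATH entries the shell resolves against the current directory, including the leading colon described in the quoted text. The function name audit_path and the sample PATH values are constructed for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per entry that makes command lookup depend on the
# current directory: position, entry, reason (tab separated).
# Returns 0 if every entry is an absolute path, 1 otherwise.
# The body runs in a subshell so its variables do not leak to the caller.
audit_path() (
    # Append a sentinel colon so a trailing empty entry is not lost.
    rest="${1}:"
    pos=0
    bad=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"     # text before the first colon
        rest="${rest#*:}"       # everything after it
        pos=$((pos + 1))
        case "$entry" in
            "") reason="empty entry, searched as the current directory" ;;
            .)  reason="explicit current directory" ;;
            /*) continue ;;     # absolute path: independent of cwd
            *)  reason="relative path, resolved against the current directory" ;;
        esac
        printf '%d\t%s\t%s\n' "$pos" "${entry:-<empty>}" "$reason"
        bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: a PATH with a colon added to the front, the
# .profile change described in the quoted message.
audit_path ":/usr/local/bin:/usr/bin:/bin" || true

# Check the PATH of the current session.
audit_path "$PATH" || echo "PATH contains current-directory entries" >&2
```

Run from root's login environment, a non-zero return means a command name typed in someone else's directory can resolve to a file in that directory before the system binary.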