Date: Thu, 10 Oct 1996 10:58:44 +0930 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: richardc@CSUA.Berkeley.EDU (Veggy Vinny) Cc: imp@village.org, current@freebsd.org Subject: Re: /usr/bin/install in -current broken Message-ID: <199610100128.KAA16373@genesis.atrad.adelaide.edu.au> In-Reply-To: <Pine.PTX.3.95.961009133017.5738m-100000@soda.CSUA.Berkeley.EDU> from "Veggy Vinny" at Oct 9, 96 01:33:24 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Veggy Vinny stands accused of saying: > > Hmmm, is moving the '.' to the last component in the path still a > security risk? I guess you are right that I don't want to have it in > root's path but I guess as the last component it should be okay since no > one can name something with the same name and have me run it... =) How long is it since you typo'ed a command as root? 'xs' instead of 'cd', 'la' or ';s' instead of 'ls', or 'mroe' or 'dirt' (if you're an ex-DOS/VMSer) or whatever. Don't do it. Only put trusted directories on your path as root. > -Vince- GaiaNet Corporation Unix Networking Operations -- ]] Mike Smith, Software Engineer msmith@atrad.adelaide.edu.au [[ ]] Genesis Software genesis@atrad.adelaide.edu.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control (ph/fax) +61-8-267-3039 [[ ]] Collector of old Unix hardware. "Where are your PEZ?" The Tick [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610100128.KAA16373>