Mysterious security hole

Mathias Koerber koerber.sin at sni.de
Thu Jun 20 19:16:35 AEST 1991


In article <1991Jun19.150625.17848 at chinet.chi.il.us> les at chinet.chi.il.us (Leslie Mikesell) writes:
|In article <12714 at bsu-cs.bsu.edu> sam at bsu-cs.UUCP (B. Sam Blanchard) writes:
|
|>Here's a nice and fairly simple way to improve security.
|>PATH=/bin:/usr/bin:/etc
|
|Isn't this annoying overkill compared to just putting "." last in your
|path?  That will prevent accidental execution of the wrong copy of
|standard commands while still letting you test programs in your current
|directory and run normal makefiles without contortions.
|
|Les Mikesell
|  les at chinet.chi.il.us

As someone else already pointed out, this still leaves the possibility of
someone creating "ls-" in a directory where you might go once in a while. You
might make a typo, and there it goes, trashing your disk. (more likely
creating a root account first, or something else). It might even
display:
ls-: not found
Shells which count the number of commands might let you find this, but
TOO LATE.
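
Added example, not part of the original post: a POSIX shell check for the PATH entries this thread is about. It also flags empty components (a leading, trailing or doubled colon), which the shell treats as the current directory; `audit_path` is a hypothetical helper name and the sample PATH string is constructed.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per entry that makes the shell search the current
# directory (or another relative location) and returns non-zero if any
# such entry is found. audit_path is a hypothetical helper name.
audit_path() {
    path_value=$1
    findings=0
    pos=0
    # Append a sentinel colon so a trailing empty component is not lost.
    rest="${path_value}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # everything after the first colon
        pos=$((pos + 1))
        case $entry in
            "")
                echo "entry $pos: empty component (means current directory)"
                findings=$((findings + 1))
                ;;
            .)
                echo "entry $pos: '.' (current directory)"
                findings=$((findings + 1))
                ;;
            /*)
                # Absolute directory: not affected by where you cd to.
                ;;
            *)
                echo "entry $pos: relative path '$entry'"
                findings=$((findings + 1))
                ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the "put . last" setting discussed above.
audit_path "/bin:/usr/bin:/etc:." || echo "PATH searches the current directory"
```

Run it as `audit_path "$PATH"` from a login script or a periodic check, root's environment first.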


