Mysterious security hole
Randal L. Schwartz
merlyn at iWarp.intel.com
Wed Jun 19 02:51:28 AEST 1991
In article <MSH-XC+ at cs.widener.edu>, brendan at cs (Brendan Kehoe) writes:
| sam at bsu-cs.UUCP wrote:
| >Here's a nice and fairly simple way to improve security.
| >PATH=/bin:/usr/bin:/etc
| >then, to execute something in the local directory use ./command or a
| >full path.
|
| It took some getting used to, but after about a month I got myself
| into the pattern of doing this .. and have found it completely
| impossible to revert back. :)
I've been doing this for over three years, even with my "everyday"
account.
It's amazing how many "off the net" Makefiles break because they
expect to be able to run a shell script named "foo" in the current
directory with "foo arg arg arg". I find myself saying

    PATH=:$PATH make

a lot. :-(
Just another reasonably secure individual, :-)
--
/=Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ==========\
| on contract to Intel's iWarp project, Beaverton, Oregon, USA, Sol III |
| merlyn at iwarp.intel.com ...!any-MX-mailer-like-uunet!iwarp.intel.com!merlyn |
\=Cute Quote: "Intel: putting the 'backward' in 'backward compatible'..."====/
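
A check for the habit discussed in this thread, as an added example that is not part of the original posts: the function audit_path (a hypothetical name) reports every PATH entry that makes the shell search the current directory or another relative location, including the empty entry that `PATH=:$PATH` creates. The PATH strings in the demo calls are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original thread). audit_path is a hypothetical
# helper name. It prints one line per risky PATH entry and returns 1 if any
# were found, 0 if every entry is an absolute directory.
audit_path() {
    # $1: PATH-style string to check; defaults to the live $PATH.
    ap_path=${1-$PATH}
    ap_rc=0
    # Append a sentinel colon so a trailing empty entry ("/bin:") is still seen.
    ap_rest="$ap_path:"
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}   # text before the first colon
        ap_rest=${ap_rest#*:}     # everything after the first colon
        case $ap_entry in
            '')
                # A zero-length entry (leading, trailing or doubled colon)
                # is searched as the current directory.
                echo "empty entry (searched as current directory)"
                ap_rc=1
                ;;
            /*)
                # Absolute directory: does not depend on where you are.
                ;;
            *)
                # "." or any other relative name follows the working directory.
                echo "relative entry: $ap_entry"
                ap_rc=1
                ;;
        esac
    done
    return $ap_rc
}

# Constructed sample values; "|| true" keeps the demo running after a finding.
audit_path "/bin:/usr/bin:/etc" && echo "ok: /bin:/usr/bin:/etc"
audit_path ":/bin:/usr/bin:/etc" || true   # what PATH=:$PATH produces
audit_path "/bin:.:/usr/bin" || true
```

Calling `audit_path` with no argument checks the PATH of the current shell, which makes it usable from a login script or a pre-build step.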
More information about the Comp.unix.admin
mailing list