????? HELP!!! what is wrong with this code? ???????

Wonderly gregg at ihlpb.ATT.COM
Thu Oct 20 00:57:54 AEST 1988


From article <8703 at smoke.BRL.MIL>, by gwyn at smoke.BRL.MIL (Doug Gwyn ):
> In article <10146 at cup.portal.com> thad at cup.portal.com (Thad Thad Floryan) writes:
>>Doug Gwyn writes: "It is not wise to have the current directory early
>>in the PATH directory list."
>>Doug, would you please expand upon your statement (above)?  I feel others
>>besides myself would appreciate knowing the hidden (?) pitfalls.
> 
> $ cat > /tmp/ls
> ...
> ^D
> $ chmod +x /tmp/ls
> 
> Sometime later the victim comes along and does:
> 
> $ cd /tmp
> $ ls
> 
> It seems to work fine; there is no sign of anything suspicious,
> except the system seems to be busy doing something now...

Some time ago, this whole discussion came up and I posted a note about a
solution that a friend of mine (Mark Vasoll, vasoll at a.cs.okstate.edu)
came up with that I now use in my shell.  I use a variable called
dotpath that contains a list of directory prefixes under which '.' is
valid.  A '!' in front of a path explicitly invalidates it.  Currently I
use "dotpath=!~/rje:~".  Anytime that an executable is in '.', and '.'
is not valid as described by dotpath, that executable is ignored.  If it
is the only executable by that name that is in one of the PATH
directories, you get the diagnostic:

   <prog>: current directory not safe

where prog is the name of the command/executable/script.  I find this
quite reassuring to have.  Currently, my account here is on an Amdahl
maxi which has more logins than I can ever know the owners of.  I don't
really want to run around covering my backside for every move when the
computer can do it for me.  I have yet to come up against a trojan horse
(that is also reassuring).

-- 
Gregg Wonderly
AT&T Bell Laboratories                   DOMAIN: gregg at ihlpb.att.com
IH2D217 - (312) 979-2794                 UUCP:   att!ihlpb!gregg
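
A sketch of the dotpath check described in the message above, as an added example that is not part of the original post and is not Mark Vasoll's or the poster's shell code. It assumes dotpath entries are tried left to right with the first matching prefix deciding, and the function names dot_is_safe and resolve_cmd are hypothetical.

```sh
#!/bin/sh
# Added example, not Mark Vasoll's or the poster's shell code.
# Assumption: dotpath entries are tried left to right, the first prefix that
# contains the current directory decides, and no match means '.' is not valid.

# dot_is_safe CWD DOTPATH HOME: exit status 0 if '.' may be searched in CWD.
dot_is_safe() (
    IFS=:; set -f                         # split on ':' without globbing
    for entry in $2; do
        rc=0
        case $entry in '!'*) rc=1; entry=${entry#'!'} ;; esac
        case $entry in
            '~')   entry=$3 ;;
            '~/'*) entry=$3/${entry#'~/'} ;;
        esac
        [ -n "$entry" ] || continue
        # Compare whole path components so ~/rje does not match ~/rjextra.
        case $1/ in "${entry%/}"/*) exit "$rc" ;; esac
    done
    exit 1
)

# resolve_cmd PROG PATH CWD DOTPATH HOME: print the file that would run, or
# the diagnostic from the post when the only match sits in an unsafe '.'.
resolve_cmd() (
    prog=$1 cwd=$3 blocked=
    IFS=:; set -f
    for dir in $2; do
        case $dir in ''|.) dir=$cwd; dot=1 ;; *) dot= ;; esac
        [ -f "$dir/$prog" ] && [ -x "$dir/$prog" ] || continue
        if [ -n "$dot" ] && ! dot_is_safe "$cwd" "$4" "$5"; then
            blocked=1; continue           # ignore the executable in '.'
        fi
        echo "$dir/$prog"; exit 0
    done
    [ -z "$blocked" ] || { echo "$prog: current directory not safe"; exit 1; }
    echo "$prog: not found"; exit 127
)

# Demo with the setting quoted in the post; the directories are constructed.
for d in /home/u/src /home/u/rje/in /tmp; do
    if dot_is_safe "$d" '!~/rje:~' /home/u; then echo "$d: '.' valid"
    else echo "$d: '.' ignored"; fi
done
```

With '.' first in PATH, a same-named file in a directory outside dotpath is skipped and the later PATH entry wins; the diagnostic appears only when no other match exists.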


