Secure PATH

Tim Kehres kehres at styx.UUCP
Thu Aug 28 09:11:43 AEST 1986


In article <5991 at alice.uUCp> ark at alice.UucP (Andrew Koenig) writes:
>> In my .profile, I have eliminated the beginning : in my path. If a
>> program to be executed is not in a directory indicated in my PATH,
>> I execute it by "./". This is not a BIG hurdle but it is more
>> secure.
>
>If you put the current directory at the end of the search path,
>the hassle is much less and the advantage is almost as great.


It is also very important to make sure that directories with either world
or group write permissions are not in the path.  If they must be there, they
should be at the end of the search path.  In any event, /bin and /usr/bin
should be at the head of the search path.

Tim Kehres
Control Data Corporation / Lawrence Livermore National Laboratory
----------------------------------------------------------------
UUCP: {idi,ihnp4!lll-lcc}!styx!kehres
ARPA: kehres at lll-tis-b.ARPA
AT&T: (415) 463-6852
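
The checks discussed in this thread, written out as a POSIX shell function. This is an added example, not part of the original posts; the function name `audit_path` and the output labels are made up for illustration. It reports current-directory entries (an empty entry or `.`), relative entries, and group- or world-writable directories, and says whether each one sits ahead of `/bin` and `/usr/bin`.

```shell
#!/bin/sh
# Added example: audit a PATH string for the problems discussed in this thread.
# Prints one tab-separated line per risky entry:
#   position  problem  directory  placement
# Returns 1 if anything was reported, 0 otherwise.
audit_path() {
    rest="$1:"      # trailing ':' so the loop also sees a final empty entry
    pos=0 sys_seen=0 findings=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        problem=
        case "$dir" in
            /bin|/usr/bin) sys_seen=$((sys_seen + 1)) ;;
        esac
        case "$dir" in
            ''|.) problem=current-directory ;;    # an empty entry means "."
            /*)
                if [ -d "$dir" ]; then
                    # ls -ldL: mode of the directory itself, symlinks followed
                    mode=$(ls -ldL "$dir" | cut -c1-10)
                    case "$mode" in
                        ????????w?) problem=world-writable ;;
                        ?????w????) problem=group-writable ;;
                    esac
                fi ;;
            *) problem=relative-entry ;;          # resolved against the cwd
        esac
        if [ -n "$problem" ]; then
            # Risky entries belong after /bin and /usr/bin, not before them.
            if [ "$sys_seen" -lt 2 ]; then place=ahead-of-system-dirs
            else place=after-system-dirs; fi
            printf '%s\t%s\t%s\t%s\n' "$pos" "$problem" "${dir:-(empty)}" "$place"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Audit the PATH of the current session.
audit_path "$PATH" || echo "PATH has risky entries (listed above)" >&2
```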


