Subject: Re: [suse-security] /etc/profile security question
From: thunder7xs4all.nl
Date: Fri Feb 04 2000 - 10:14:21 CST


On Fri, Feb 04, 2000 at 11:07:13AM -0500, Mark B Withers wrote:
> Ok. Thanks for the info!
>
> Mark
>
In case you want to know *why* it's so bad, take this example:

Some malicious normal user makes a program in /tmp that erases every
directory it can find, and calls it 'ls'.

The system administrator logs in, and eventually will type 'ls' in /tmp.

Since . is first in his path, he will not execute his normal ls, but
instead the ls from the malicious user. Since he's root, the program
will erase everything. If . is at the end of his path, Mark Alicious can
still guess typing errors etc. to make root inadvertently execute a
program.

Jurriaan

-- 
As of next week, passwords will be entered in Morse code.
Linux 2.2.14 SMP up 1:46 5 users load av: 1.43 2.18 1.54
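
A defensive check for the search-path problem described in the message above, as an added example that is not part of the original post: it flags `.`, empty entries (which the shell also treats as the current directory), relative entries and world-writable directories in a PATH string. The function name `audit_path` and the `position:reason:entry` output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that let the current
# directory or a shared directory supply commands.
# Output: one "position:reason:entry" line per finding.
# Exit status: 0 only when nothing was flagged.
audit_path() (
    rest="$1:"              # sentinel colon so a trailing empty entry is seen
    pos=0 bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # drop that entry and its colon
        pos=$((pos + 1))
        case $entry in
            '') reason=empty-means-cwd ;;   # "::", leading ":" or trailing ":"
            .)  reason=cwd ;;
            /*) reason=
                # World-writable, even with the sticky bit as on /tmp:
                # any local user can create a file named like a command.
                case $(ls -ldL "$entry" 2>/dev/null) in
                    d???????w*) reason=world-writable ;;
                esac ;;
            *)  reason=relative ;;          # resolved against the cwd
        esac
        if [ -n "$reason" ]; then
            printf '%s:%s:%s\n' "$pos" "$reason" "$entry"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
)

# Check the PATH of the current shell (run it as root to check root's PATH).
audit_path "$PATH" || echo "PATH contains risky entries (listed above)" >&2
```

The position in each finding shows how early the entry is searched; as the message notes, moving `.` to the end does not make it safe.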
