On Mon, 2003-11-17 at 15:01, Bill Mullen wrote:
> On Mon, 17 Nov 2003, Michael Holt wrote:
>
> > What effect does it have? It means you can execute hidden files? If
> > that's the case, couldn't you do that anyway - if you knew what the
> > filename was? I suppose just for policy, you would want as few things
> > in a user's path as possible - is that just what it's about?
>
> What having ":.:" (or its equivalent, "::") in your $PATH does is allow
> the current working directory to be included in any search for executable
> files. This is (wisely, IMHO) considered to be a security risk, as it can
> lead to the execution of a file other than the one you had intended, if
> that file has the same name and the ":.:" appears earlier in the PATH than
> the directory in which the intended file resides.
>
> Obviously, it is *far* more important that such an entry not be part of
> root's PATH than a user's, but it's a risk in the latter case as well.

Ahh, that makes sense. So it's mostly good housekeeping. Thanks.
--
Michael Holt
Snohomish, WA
[EMAIL PROTECTED]
www.holt-tech.net
www.mandrakelinux.com
==================================================================<
14. dd if=/dev/null of=/vmunix
--Top 100 things you don't want the sysadmin to say
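
A way to check a PATH for the entries discussed in this thread, as an added example that is not part of the original messages: the function name `audit_path` and the sample PATH are constructed for illustration. It goes slightly beyond ":.:" and "::" by also flagging a leading or trailing colon (an empty entry, which the shell likewise treats as the current directory) and any other relative entry.

```shell
#!/bin/sh
# audit_path: hypothetical helper, not from the thread.
# Prints one line per risky PATH entry as "<position>:<kind>:<entry>".
#   empty    - "::", or a leading/trailing ":", searched as the current directory
#   dot      - a literal "."
#   relative - any other entry not starting with "/", resolved against the cwd
# The position matters: a risky entry only shadows commands found in
# directories listed after it.
# Returns 0 when the PATH is clean, 1 when at least one risky entry exists.
audit_path() {
    ap_rest="$1:"          # sentinel colon so a trailing empty field is kept
    ap_pos=0
    ap_status=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}    # text before the first colon
        ap_rest=${ap_rest#*:}      # everything after the first colon
        ap_pos=$((ap_pos + 1))
        case $ap_entry in
            '') ap_kind=empty ;;
            .)  ap_kind=dot ;;
            /*) continue ;;        # absolute directory: nothing to report
            *)  ap_kind=relative ;;
        esac
        printf '%s:%s:%s\n' "$ap_pos" "$ap_kind" "$ap_entry"
        ap_status=1
    done
    return "$ap_status"
}

# Constructed sample: entry 2 is "::", entry 4 is ".", entry 5 is relative.
sample='/usr/local/bin::/usr/bin:.:bin:/bin'
audit_path "$sample" || echo "risky entries found in sample PATH" >&2
```

To audit a live session, call `audit_path "$PATH"` as the user in question, root first.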