On Mon, 2003-11-17 at 15:54, Jack Coates wrote:
> On Mon, 2003-11-17 at 14:21, Michael Holt wrote:
> > On Mon, 2003-11-17 at 12:53, Jack Coates wrote:
> >
> > > > I don't quite understand what the problem is. Are you saying that '.'
> > > > shouldn't be in your path or that it should be?
> > >
> > > should not. It's not that big a deal I suppose, but it's not The Right
> > > Way(TM) for things to be.
> >
> > :) You seemed pretty emphatic about it's presence in earlier posts;
> > What effect does it have? It means you can execute hidden files? If
> > that's the case, couldn't you do that anyway - if you knew what the
> > filename was? I suppose just for policy, you would want as few things
> > in a users path as possible - is that just what it's about?
>
> the real issue for me is expected versus non-expected behavior. There is
> a security risk, which is fairly arcane unless a large class of boxes
> are going to exhibit this behavior (no matter how arcane and difficult
> the hole, if hundred of boxes will respond in the same way then an
> exploit script will be written).
Hey, makes sense.
--
Michael Holt
Snohomish, WA (o_
[EMAIL PROTECTED] (o_ (o_ //\
www.holt-tech.net (/)_ (/)_ V_/_ www.mandrakelinux.com
==================================================================<
32. Ummm... Didn't you say you turned it off?
--Top 100 things you don't want the sysadmin to say
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
