Torsten Hilbrich <[EMAIL PROTECTED]> writes:
> Daniel Martin at cush <[EMAIL PROTECTED]> writes:
<SNIP>
> > root's initialization files, or into the system-wide path. (I should
> > qualify this with the statement that I don't completely understand why
> > this is a security hole when it's done as the last component of the
> > PATH, but...)
>
> Quite simple, think of a command named sl put in some user's home
> directory and root which tries to type ls but accidentally typed sl. If
> cwd is that directory the program sl is executed with root privilege
> :-(.

Fair enough; I was thinking that no one would be careless enough to allow typos into command lines typed in a root shell. (I know that I, for one, am painstakingly careful about what I type as root after hosing a slackware system three years back with an accidental 'rm -r /lib' - I had meant to do 'rm -r /lib/pbmcompat/' but on that keyboard the '/' and return were just too close together...)
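
The case discussed in this message (the current directory in root's PATH, even as its last component) can be checked for mechanically. The shell function below is an added example, not part of the original message; the name audit_path and the sample PATH string are constructed for illustration.

```shell
#!/bin/sh
# audit_path PATH_STRING
# Reports PATH components that let a file in an untrusted directory run
# under the caller's privileges. Returns 0 if clean, 1 if anything is flagged.
audit_path() {
    rest="$1:"          # trailing ":" keeps a final empty component visible
    position=0
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        reason=
        case $entry in
            '') reason="empty component, searched as the current directory" ;;
            .)  reason="current directory" ;;
            /*) # Absolute entry: flag it if group or others may add files.
                if [ -d "$entry" ] && [ -n "$(find -H "$entry" -prune \
                        \( -perm -002 -o -perm -020 \) 2>/dev/null)" ]; then
                    reason="directory writable by group or others"
                fi ;;
            *)  reason="relative entry, resolved against the current directory" ;;
        esac
        if [ -n "$reason" ]; then
            echo "component $position '$entry': $reason"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: a root PATH with "." as its last component.
audit_path "/usr/local/sbin:/usr/sbin:/usr/bin:." || echo "PATH needs fixing"
```

Position in PATH does not help against a mistyped name: no earlier directory contains an sl, so the search falls through to the last component.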