On Mon, 2003-11-17 at 15:54, Jack Coates wrote: > On Mon, 2003-11-17 at 14:21, Michael Holt wrote: > > On Mon, 2003-11-17 at 12:53, Jack Coates wrote: > > > > > > I don't quite understand what the problem is. Are you saying that '.' > > > > shouldn't be in your path or that it should be? > > > > > > should not. It's not that big a deal I suppose, but it's not The Right > > > Way(TM) for things to be. > > > > :) You seemed pretty emphatic about it's presence in earlier posts; > > What effect does it have? It means you can execute hidden files? If > > that's the case, couldn't you do that anyway - if you knew what the > > filename was? I suppose just for policy, you would want as few things > > in a users path as possible - is that just what it's about? > > the real issue for me is expected versus non-expected behavior. There is > a security risk, which is fairly arcane unless a large class of boxes > are going to exhibit this behavior (no matter how arcane and difficult > the hole, if hundred of boxes will respond in the same way then an > exploit script will be written).
Hey, makes sense. -- Michael Holt Snohomish, WA (o_ [EMAIL PROTECTED] (o_ (o_ //\ www.holt-tech.net (/)_ (/)_ V_/_ www.mandrakelinux.com ==================================================================< 32. Ummm... Didn't you say you turned it off? --Top 100 things you don't want the sysadmin to say
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com