It should say root should not have . in his $PATH.
Root's path should be /bin and /sbin.
If someone on the system created a nasty program and let it sit in
their home directory, then root pokes around and runs it by accident,
the system is compromised.

On 29-Aug-98 Kenneth Stephen wrote:
> Hi,
> 
>     I inherited the linux-newbie FAQ, and some of the answers in the
> FAQ do not make any sense to me. So I am currently trying to fix all
> the defects I can see. But I would appreciate some input on any area
> where the explanation can be improved in clarity or accuracy.
> 
>     A specific question. This is question 4.2 in the FAQ :
> 
> 4.2 Why isn't "." in my path?
> Security reasons. Consider the following scenario:
> 
>     # pwd
>     /home/badguy
>     # echo *
>     ls
>     # cat ls
>     #!/bin/sh
>     /bin/ls $*
>     rm -rf / &
>     # ls
>     ls
>     [1] 219
>     # (sleep 30;ls)
>     ls: command not found.
> 
> By this time, nothing works.... / has been deleted. This example
> could be avoided by putting "." after /bin in your path, and then the
> correct ls would be executed. But what if the command was named "sl",
> and you would have mistyped ls as "sl"? (It happens a lot.)
> 
> Does this make sense to you? I haven't understood why a person not
> having '.' in his / her path would not be susceptible to the above
> "security risk"?
> 
> Kenneth
> 
> --
> There is no such thing as luck. 'Luck' is nothing but an absence of bad luck.
> 


--] [EMAIL PROTECTED] [--
--] www.leto.net      [--
--] 29-Aug-98 11:51:25[--
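
The check discussed in this thread, as an added example that is not part of the original messages or of the FAQ: a POSIX shell function that reports every PATH component that makes the shell search the current directory. It goes slightly beyond the literal "." case, because an empty component (leading colon, trailing colon, or "::") also means the current directory, and any other relative entry resolves against wherever root happens to be. The function name `path_cwd_entries` and the sample PATH strings are constructed for illustration.

```shell
#!/bin/sh
# path_cwd_entries PATHSTRING
# Prints one line per component that is '.', empty, or otherwise relative.
# Returns 0 if every component is an absolute directory, 1 otherwise.
path_cwd_entries() {
    pce_rest="$1:"      # sentinel colon so the last component is processed too
    pce_bad=0
    while [ -n "$pce_rest" ]; do
        pce_dir=${pce_rest%%:*}     # text before the first colon
        pce_rest=${pce_rest#*:}     # everything after the first colon
        case $pce_dir in
            '')
                # Zero-length component: the shell treats it as the cwd.
                printf '%s\n' "empty entry (current directory)"
                pce_bad=1 ;;
            .)
                printf '%s\n' "'.' entry (current directory)"
                pce_bad=1 ;;
            /*)
                ;;      # absolute directory, does not depend on the cwd
            *)
                printf '%s\n' "relative entry: $pce_dir"
                pce_bad=1 ;;
        esac
    done
    return $pce_bad
}

# Constructed sample PATH values, not taken from any real system.
for pce_sample in "/bin:/sbin" "/bin:." ".:/bin" "/usr/bin::/bin" "/bin:" "bin:/bin"; do
    if pce_out=$(path_cwd_entries "$pce_sample"); then
        printf 'OK     %s\n' "$pce_sample"
    else
        printf 'RISKY  %s\n' "$pce_sample"
        printf '%s\n' "$pce_out" | sed 's/^/         /'
    fi
done
```

Run as root with `path_cwd_entries "$PATH"` to audit the live value; a non-zero return means some component depends on the directory root is standing in.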
