Date:      Mon, 25 Mar 2002 12:20:03 -0600
From:      Mike Meyer <mwm-dated-1017512403.0c07ee@mired.org>
To:        Chris BeHanna <behanna@zbzoom.net>
Cc:        FreeBSD-Stable <stable@freebsd.org>
Subject:   Re: mergemaster mtree:No such file or directory
Message-ID:  <15519.27219.356805.929565@guru.mired.org>
In-Reply-To: <20020325010337.G78210-100000@topperwein.dyndns.org>
References:  <20020324163351.A73171@greed.zenspider.com> <20020325010337.G78210-100000@topperwein.dyndns.org>

In <20020325010337.G78210-100000@topperwein.dyndns.org>, Chris BeHanna <behanna@zbzoom.net> typed:
> On Sun, 24 Mar 2002, Ryan Davis wrote:
> > I've seen weird cases lately where the solution to some poor fool's
> > port building problem is "Take '.' out of your path". That's just
> > NOT going to help us increase the usability of our favorite OS, is
> > it?
>     Having "." in your PATH is a security risk.  I don't have any
> problem making life difficult for people who have "." in their PATH.

Running anything listening to a TCP socket is also a security risk. Do
you not have any problems making life difficult for people who run,
say, sshd?

Putting "." last in your PATH narrows the security risk to your common
typos. Running on a machine on which the only legit users all have
root - a common situation for a workstation or a non-shell server -
means that if the risk is exploitable, you've already been
cracked. I'd say that running sshd is at least as dangerous as having
"." last in your PATH on such a machine.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
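
The distinction drawn in the message above, between "." as the last PATH entry and "." anywhere earlier, can be checked mechanically. The following is an added example, not part of the original thread: the function name `classify_path` and its three verdict labels are hypothetical, and it treats empty entries (a leading or trailing ":" or a "::") as the current directory, as the shell does.

```shell
#!/bin/sh
# Added example: report where cwd-relative entries sit in a PATH string.
# An entry is cwd-relative if it is ".", empty, or does not start with "/".
# Verdicts (hypothetical labels):
#   clean      no entry depends on the current directory
#   dot-last   the only cwd-relative entry is the final one
#   dot-early  a cwd-relative entry is searched before some other entry

classify_path() {
    rest="$1:"      # sentinel colon so a trailing empty entry is counted
    total=0
    first_rel=0     # 1-based index of the first cwd-relative entry, 0 = none
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text up to the first colon
        rest=${rest#*:}     # drop that entry and its colon
        total=$((total + 1))
        case $entry in
            /*) ;;          # absolute directory, independent of cwd
            *)
                if [ "$first_rel" -eq 0 ]; then
                    first_rel=$total
                fi
                ;;
        esac
    done
    if [ "$first_rel" -eq 0 ]; then
        echo clean
    elif [ "$first_rel" -eq "$total" ]; then
        echo dot-last
    else
        echo dot-early
    fi
}

# Constructed sample values, not taken from the thread.
for sample in "/sbin:/bin:/usr/bin" "/bin:/usr/bin:." ".:/bin" \
              "/bin::/usr/bin" "/bin:/usr/bin:"; do
    printf '%-22s %s\n' "$sample" "$(classify_path "$sample")"
done
```

Running `classify_path "$PATH"` in a login shell gives the verdict for the live environment; the trailing-colon and "::" samples show entries that act like "." without the character appearing anywhere in the string.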
