Date: Fri, 22 Dec 2000 08:09:08 GMT
From: Cliff S. <csbsd@raggedclown.net>
To: Dima Dorfman <dima@unixfreak.org>, Cliff Sarginson <cliff@raggedclown.net>, "Otter" <otterr@telocity.com>, "FreeBSD Questions" <questions@FreeBSD.ORG>
Subject: Re: search order?
Message-ID: <E149NGG-000FMb-00@post.mail.nl.demon.net>

> > Which is why, btw, you shouldn't have "." in root's PATH.
> > In case some scallywag puts a nasty version of .. say "ls" in
> > some innocent directory, and this happens to be a shell script that
> > does a "rm -rf *" .. ho ho..
> ^^^
> That'd wipe out the directory in which that trojan is in. The worst
> thing I can see happening is if you wiped out /tmp while running some
> /tmp-intensive application (I can't think of any ATM).
>
> Please note, however, that I'm not debating whether having "." in a
> path is a good idea. You're right; it isn't, and not just for root.
> Your example didn't show off the dangers very well, though. No
> offense intended.
>

No offence taken !

Improved trojan horse

# ls -- Mr Nasty's ls
# This will teach root to snoop in my directory while having "."
# before /bin in their PATH .. hee hee. The "&" is a nice touch :)
#
cd /
rm -rf * &

Cliff

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
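
A check for the misconfiguration discussed in this thread, as an added example that is not part of the original e-mail: it walks a PATH string and reports entries that make the shell search the current directory, noting whether they come before /bin. The function name, variable names and sample PATH values are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that make the shell look
# in the current directory. All names here are hypothetical.

# Constructed samples: the risky layout from the thread ("." before /bin)
# and a PATH made only of absolute system directories.
SAMPLE_ROOT_PATH='.:/sbin:/bin:/usr/sbin:/usr/bin'
SAMPLE_SAFE_PATH='/sbin:/bin:/usr/sbin:/usr/bin'

# audit_path PATHSTRING
# Prints one line per risky entry; returns 0 if none were found, 1 otherwise.
audit_path() {
    ap_rest="${1}:"      # trailing ':' lets the loop see a final empty entry
    ap_pos=0
    ap_found=0
    ap_seen_bin=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}     # text before the first ':'
        ap_rest=${ap_rest#*:}       # text after the first ':'
        ap_pos=$((ap_pos + 1))
        case $ap_entry in
            /bin) ap_seen_bin=1; continue ;;
            /*)   continue ;;                       # absolute: fine
            ''|.) ap_why='current directory' ;;     # empty entry also means "."
            *)    ap_why='relative directory' ;;    # resolved against the cwd
        esac
        if [ "$ap_seen_bin" -eq 0 ]; then
            ap_order='searched before /bin'
        else
            ap_order='searched after /bin'
        fi
        echo "entry $ap_pos: '$ap_entry' is a $ap_why, $ap_order"
        ap_found=$((ap_found + 1))
    done
    [ "$ap_found" -eq 0 ]
}
```

To check a live session, source the file and run `audit_path "$PATH"` as the account being audited.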