Date: Sat, 18 Mar 1995 20:03:37 +0300
From: "Andrey A. Chernov, Black Mage" <ache@astral.msk.su>
To: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
Cc: CVS-commiters@freefall.cdrom.com, cvs-gnu@freefall.cdrom.com
Subject: Re: cvs commit: src/gnu/usr.bin/man/catman catman.perl
Message-ID: <EKf9nQlOZ2@astral.msk.su>
In-Reply-To: <199503181542.QAA28054@uriah.heep.sax.de>; from J Wunsch at Sat, 18 Mar 1995 16:42:11 +0100 (MET)
References: <199503181542.QAA28054@uriah.heep.sax.de>
In message <199503181542.QAA28054@uriah.heep.sax.de> J Wunsch writes:

>As Andrew A. Chernov wrote:
>>
>> ache 95/03/17 18:19:26
>>
>> Modified: gnu/usr.bin/man/catman catman.perl
>> Log:
>> Don't use user PATH into environment for sec reasons

>What are your security concerns for catman? I think this is rather
>pointless.

It calls many pgms just by relative name, they can be found
in user PATH, it is potential hole in putting pgms with same
names in superuser's user PATH and similar things.
Basic rule to avoid it is: don't use user PATH in system scripts.

--
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
FidoNet: 2:5020/230.3    : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
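The rule stated in the message above, as an added example that is not part of the original e-mail or of the catman.perl commit: the same bare command name resolves differently under an inherited PATH than under one the script sets for itself, and a small audit flags the entries that make the inherited one unsafe. The `pagefmt` command, the `user_bin` and `sys_bin` directories, and both function names are constructed stand-ins.

```shell
#!/bin/sh
# Added example. pagefmt, user_bin and sys_bin are constructed stand-ins.

# Where does a bare command name resolve under a given search path?
resolve_in() {                      # resolve_in PATH_VALUE COMMAND
    ( PATH=$1; command -v "$2" )
}

# Report PATH entries a system script should not search: empty or relative
# entries (they follow the current directory) and directories that group
# or other users can write to.
audit_path() {                      # audit_path PATH_VALUE
    rest=$1:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        case $dir in
            /*) mode=$(ls -ldL "$dir" 2>/dev/null | cut -c1-10)
                case $mode in
                    d????w????|d???????w?) echo "writable by others: $dir" ;;
                esac ;;
            *)  echo "relative or empty entry: '$dir'" ;;
        esac
    done
}

# Constructed layout: one directory anyone may write to, one that only
# its owner may write to, each holding a harmless script named pagefmt.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
user_bin=$demo/user_bin; sys_bin=$demo/sys_bin
mkdir "$user_bin" "$sys_bin"
chmod 755 "$sys_bin"; chmod 777 "$user_bin"
for d in "$user_bin" "$sys_bin"; do
    printf '#!/bin/sh\necho "pagefmt from %s"\n' "$d" > "$d/pagefmt"
    chmod 755 "$d/pagefmt"
done

inherited_path=$user_bin:.:$sys_bin   # what the caller's environment supplied
fixed_path=$sys_bin                   # what the script sets for itself
                                      # (on a real system: /bin:/usr/bin ...)

echo "inherited: $(resolve_in "$inherited_path" pagefmt)"
audit_path "$inherited_path"
echo "fixed:     $(resolve_in "$fixed_path" pagefmt)"
audit_path "$fixed_path"
```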