Date: Wed, 24 Jul 1996 06:39:27 -0700 (MST)
From: Don Yuniskis <dgy@rtd.com>
To: paradox@pegasus.rutgers.edu (Red Barchetta)
Cc: freebsd-questions@freebsd.org
Subject: Re: ["Ian Kallen" <ian@gamespot.com>: Re: Install Q& A]
Message-ID: <199607241339.GAA15147@seagull.rtd.com>
In-Reply-To: <CMM-RU.1.5.838209547.paradox@pegasus.rutgers.edu> from "Red Barchetta" at Jul 24, 96 07:59:07 am

> >Is . in your path? A lot of folks consider it bad sysadmin practice
> >to have it so and to precede all commands outside their path with full
> >paths or relative paths (i.e. from /stand run it as ./sysinstall).
>
> Why is this considered bad practice?

Because a nasty user could ask you to look into a "problem" he is
having... you would conceivably cd into his $HOME (which is where the
problem is) and maybe do something like "ls" to list the contents of
the directory. Of course, the user may have created his own bogus "ls"
that you will end up executing *instead* of /bin/ls (assuming the "."
is in your path ahead of "/bin"). That bogus "ls" will now execute
with *your* (e.g., *root's*) permissions and probably give the user
root privilege in the future...
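An added example, not part of the original message: a POSIX shell check for the situation described above. `audit_path` flags PATH entries that make the shell search the current directory, and `shadowed_in` lists executables in a directory that share a name with a command in the absolute PATH directories. Both function names and the sample PATH string are constructed for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints "<position> <kind> <entry>" for each entry that resolves against the
# current directory; returns 1 if any such entry exists, 0 if the path is clean.
audit_path() {
    rest="$1:"            # trailing colon so a final empty entry is not lost
    position=0
    risky=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        case $entry in
            "")   kind=empty ;;      # "::", leading or trailing ":" means cwd
            .|./) kind=dot ;;
            /*)   continue ;;        # absolute directory, nothing to report
            *)    kind=relative ;;   # also resolved against cwd
        esac
        risky=1
        printf '%s %s %s\n' "$position" "$kind" "${entry:-<empty>}"
    done
    return "$risky"
}

# shadowed_in DIR PATHSTRING
# Prints each executable file in DIR whose name also exists as an executable
# in an absolute PATHSTRING directory, i.e. what "." ahead of /bin would run.
shadowed_in() {
    for candidate in "$1"/*; do
        [ -f "$candidate" ] && [ -x "$candidate" ] || continue
        name=${candidate##*/}
        search="$2:"
        while [ -n "$search" ]; do
            sysdir=${search%%:*}
            search=${search#*:}
            case $sysdir in /*) ;; *) continue ;; esac
            if [ -x "$sysdir/$name" ] && [ ! -d "$sysdir/$name" ]; then
                printf '%s shadows %s\n' "$candidate" "$sysdir/$name"
                break
            fi
        done
    done
}

# Constructed sample PATH: ".", an empty entry and a relative entry are flagged.
audit_path ".:/bin:/usr/bin::bin" || true
```

Running `shadowed_in "$HOME_OF_USER" "$PATH"` (hypothetical variable name) before working in someone else's directory shows any file that would be picked up in place of a system command.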