Who's in my Directory ?
Len Reed
lbr at holos0.uucp
Sat Nov 24 03:28:24 AEST 1990
In article <1990Nov21.155805.27426 at decuac.dec.com> mjr at hussar.dco.dec.com (Marcus J. Ranum) writes:
>In article <8314 at star.cs.vu.nl> gpvos at cs.vu.nl (Gerben 'P' Vos) writes:
>>
>>I know a student around here with an "ls" shellscript in their home directory,
>>which *copied your mailbox* into a subdirectory, so he could read it.
=
= That's *nothing* compared to what he could have done.
=
= I used to have a hacked up version of sh that used to have a
="set showexec" that would print the name of the program being run when
=it ran it - useful for catching something like that. You only catch it
=after the fact, but you can still go beat them bloody until they tell
=you in detail what './ls' really did.
Hmm, so what you're saying is that you leave a big security hole and then,
after the fact, retaliate against whoever broke in. Why don't you
publish your password and set things up so you can catch whoever broke
in? Such things are reasonable only if you're conducting a sting
operation. If not, '.' shouldn't be in your path ahead of the public
directories.
--
Len Reed
Holos Software, Inc.
Voice: (404) 496-1358
UUCP: ...!gatech!holos0!lbr
More information about the Comp.unix.misc
mailing list