Wanted: thoughts about history mechanisms.
Jamie Mason
jmason at gpu.utcs.utoronto.ca
Sun Apr 28 14:28:14 AEST 1991
In article <1991Apr25.212431.1109 at am.sublink.org> alex at am.sublink.org (Alex Martelli) writes:
>2. if, when the shell is about to emit a primary-prompt to terminal, it
> finds that a file named $HOME/..dothis exists, it opens, unlinks,
> and then sources it; this is how the shell accesses the results of
> any history-like external command.
SECURITY HOLE!! Someone else could easlily write this file, and
the shell would execute their commands. The shell should *at least*
enforce that ~/.doit be a) owned by the effective uid of the shell and b)
of mode 600 (or 700, since it *is* being executed, sort of).
Jamie ... Segmentation fault (core dumped)
Written On Sunday, April 28, 1991 at 12:27:03am EDT
More information about the Comp.unix.shell
mailing list