Some questions.
Computer Center
root at cca.ucsf.edu
Thu Jan 28 18:07:12 AEST 1988
In article <2281 at gryphon.CTS.COM>, wrm at pnet02.cts.com (William Mattil) writes:
>
> From a security stanpoint, it is not a good idea to include the
> current directory (.) in the PATH for root.
>
Whatever you do, don't put . in root's PATH before the usual directories
which could cause you (as root) to execute, let's say "ls" and get some
total stranger. For example, a script in that directory like
chown root file
chmod 4777 file
ls $*
and you have just created a trojan horse for someone _and_don't_even_
_know_anything_has_happened_.
Thos Sumner (thos at cca.ucsf.edu) BITNET: thos at ucsfcca
(The I.G.) (...ucbvax!ucsfcgl!cca.ucsf!thos)
OS 2 -- the Operating System for puppets.
#include <disclaimer.std>
More information about the Comp.unix.xenix
mailing list