[openbeos] Re: . or no .
- From: François Revol <revol@xxxxxxx>
- To: openbeos@xxxxxxxxxxxxx
- Date: Wed, 15 May 2002 00:20:16 +0200 (MEST)
Personally I prefer /. as it's more interesting to read :))))
could we close this topic plz ?
we won't go anywhere anyway, since everyone has a position on this.
Let's stick the R5 way, then we will decide for GE.
François.
En réponse à "Scott A. MacMaster" <zqxh@xxxxxxx>:
> On Tue, 14 May 2002 23:08:51 +0200
> Linus Almstrom <linalm-7@xxxxxxxxxx> wrote:
> >On 2002-05-14 at 22:49:02 [+0200], openbeos@xxxxxxxxxxxxx wrote:
> >> To me this is just a 'safety net' for folders accessable by multible
>
> >> users (or even just one user). If a user is stupid enough to name a
>
> >> script the same as a common program the users is definitely asking
> for
> >> problems (problems unrelated to security).
> >
> >Stupid?
> >I do not think you understand. If you execute an application
> somewhere
> >(in another users home tree) the application get your rights, which
> means
> >that the one that created and put the application there deliberately
> can
> >get any kind of information from you or erase all your own files.
>
> In multiuser systems I'd definitely be careful about what programs I
> run. Hows
> this relate to ./?
>
> >
> >There are also stuff like suid, but that is a completely different
> >business, sort of anyway.
> >
> >> Espacially so if the user
> >> doesn't inform the other users of the group about this script. I
> said
> >> that the 'problem' aren't security related. I mean that to mean that
> it
> >> won't help hackers break through security. The script could loosen
>
> >> security for folders that belong to the group. As I said earlier a
> user
> >> would be stupid to do that and deserves to have his hand slapped.
> >
> >What are you talking about? That does not seem to have anything to do
> with
> >what the discussion is about.
>
> I'm trying to understand what the security issue with ./ is. Based on
> what
> I've been told I'm explaining what I see. If my explaination is wrong
> could
> you correct me. Thanks.
>
> >> I say keep the ./ in there by default. I'm always for giving a user
> all
> >> the options. If the user wants to try to do something risky let them
> as
> >> it could only affect themselves.
> >
> >I say the other way around... Leave out the "./" and let the
> powerusers
> >add it if they feel they understand what they are doing.
>
> Maybe I'll think that once I understand this security issue.
>
>
> Scott MacMaster <zqxh@xxxxxxx>
> -----------------------------
> Indiana University of Pennsylvania - student
> www.CodeLiege.com
>
>
Other related posts:
