[openbeos] Re: . or no .
- From: Timothy Covell <timothy.covell@xxxxxxxxxxx>
- To: openbeos@xxxxxxxxxxxxx,"Michael Phipps" <mphipps1@xxxxxxxxxxxxxxxx>
- Date: Thu, 9 May 2002 22:18:35 -0500
On Thursday 09 May 2002 21:43, Michael Phipps wrote:
> >On 9 May, Michael Phipps wrote:
> >Image typing ls in a shared directory where someone else has made an ls
> >binary of their own.
> >
> >Putting it last in the searchorder or better yet, not in the searchorder
> >makes better security.
>
> I am completely aware that it is a security risk. And I agree.
> OTOH, since I am a developer, that rarely applies to me, since most people
> don't store their source code on insecure machines. :-)
>
> Seriously, though - on any machine that has any serious security, putting .
> in your path is a bad thing. OTOH, that probably isn't too much of an issue
> for OBOS, since (at least R1) will have little to no security.
I agree. However, there is a problem when people use the same password
for many/all of their boxes. Then, your only security is the weakest link
in the chain. But I guess this is really a glass elevator discussion.
--
timothy.covell@xxxxxxxxxxxx
Unix Systems Administrator
Other related posts:
