[openbeos] Re: . or no .

  • From: tic_khr@xxxxxxxx
  • To: openbeos@xxxxxxxxxxxxx
  • Date: Tue, 14 May 2002 08:19:34

I don't get it - why not just allow the user to do this him/herself?

$ export PATH=.:$PATH

It's not -that- easy.

Or, you could have the default be such as:
$ export PATH=/bin:~/config/bin:.
This way you'll always execute the stuff in /bin or ~/config/bin first.


Regards,
-- Mikael


-----Original message-----
On 2002-05-13 at 22:18:56 [+0200], openbeos@xxxxxxxxxxxxx wrote:
> On Mon, 13 May 2002 19:48:02 +0200
>  Linus Almstrom <linalm-7@xxxxxxxxxx> wrote:
> >On 2002-05-13 at 19:41:06 [+0200], openbeos@xxxxxxxxxxxxx wrote:
> >> Well, maybe I'm rambling.  Could you just explain this security issue?
> >
> >The issue is whether the ./ path should be in the PATH environment 
> >variable or not. Having the ./ path in it is a security risk, since any 
> >user could write a simple script, put it somewhere and name it to cp or 
> >whatever. If you go to that dir and type "cp" in hope to copy some 
> >files, the script is executed, since the ./ path is in the PATH env var. 
> >This is very likely on multiuser systems and a big security risk.
> 
> I don't see how this is a security risk.  It's very possible I might want 
> to have a script in a folder that has the same name as a common command 
> like cp.
> The real issue, I think, is if another user is sticking these files into
> another user's directory.  In this case looking at ./ isn't looking at the 
> real issue because security has already been broken because this user is 
> sticking stuff in a folder that belongs to another user.

Any user could have a script in their home dir somewhere, and when
another user comes there, executing "cp", the first user could do whatever
he likes with the second user's account.

"rm -R ~/" is vicious and might cause a lot of trouble for the first
 user.

Regards

/Procton
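
Added example, not part of the original thread: a POSIX shell function that audits a PATH value for entries that make the shell search the current directory. Besides the explicit . discussed above, it flags empty entries (a leading, trailing or doubled colon) and relative directories, which have the same effect. The function name audit_path and the sample values in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per PATH entry that depends on the current directory.
# Returns 0 if no such entry exists, 1 otherwise.
#
# Usage (constructed sample values):
#   audit_path "$PATH"
#   audit_path "/bin:/home/user/config/bin:."
audit_path() {
    path_value=$1
    findings=0
    index=0
    # Append a sentinel colon so a trailing empty entry is still seen.
    rest="${path_value}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # everything after the first colon
        index=$((index + 1))
        case $entry in
            "")
                # POSIX: a zero-length entry means the current directory.
                echo "entry $index: empty entry (treated as current directory)"
                findings=$((findings + 1)) ;;
            .|./)
                echo "entry $index: '$entry' is the current directory"
                findings=$((findings + 1)) ;;
            /*)
                ;;  # absolute path: does not depend on where you are
            *)
                echo "entry $index: '$entry' is relative to the current directory"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}
```

The entry number in each finding shows search order: entry 1 is searched before every system directory, while a later entry is only reached for names not found in the directories before it.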


