[openbeos] Re: . or no .

  • From: "Scott A. MacMaster" <zqxh@xxxxxxx>
  • To: openbeos@xxxxxxxxxxxxx
  • Date: Tue, 14 May 2002 18:09:19 -0400

On Tue, 14 May 2002 23:08:51 +0200
 Linus Almstrom <linalm-7@xxxxxxxxxx> wrote:
>On 2002-05-14 at 22:49:02 [+0200], openbeos@xxxxxxxxxxxxx wrote:
>> To me this is just a 'safety net' for folders accessible by multiple 
>> users (or even just one user).  If a user is stupid enough to name a 
>> script the same as a common program the user is definitely asking for 
>> problems (problems unrelated to security).
>
>Stupid?
>I do not think you understand. If you execute an application somewhere
>(in another user's home tree) the application gets your rights, which means
>that the one that created and put the application there deliberately can
>get any kind of information from you or erase all your own files.

In multiuser systems I'd definitely be careful about what programs I run.  How
does this relate to ./?

>
>There is also stuff like suid, but that is a completely different 
>business, sort of anyway.
>
>> Especially so if the user 
>> doesn't inform the other users of the group about this script.  I said 
>> that the 'problems' aren't security related.  I mean that to mean that it 
>> won't help hackers break through security.  The script could loosen 
>> security for folders that belong to the group.  As I said earlier a user 
>> would be stupid to do that and deserves to have his hand slapped.
>
>What are you talking about? That does not seem to have anything to do with 
>what the discussion is about.

I'm trying to understand what the security issue with ./ is.  Based on what
I've been told I'm explaining what I see.  If my explanation is wrong could
you correct me?  Thanks.

>> I say keep the ./ in there by default.  I'm always for giving a user all 
>> the options.  If the user wants to try to do something risky let them as 
>> it could only affect themselves.
>
>I say the other way around... Leave out the "./" and let the power users
>add it if they feel they understand what they are doing.

Maybe I'll think that once I understand this security issue.


Scott MacMaster <zqxh@xxxxxxx>
-----------------------------
Indiana University of Pennsylvania - student
www.CodeLiege.com
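
The behaviour debated in this thread applies whenever the shell's search path contains `.`, an empty entry (which the shell also treats as the current directory), or a relative directory. As an added example that is not part of the original thread, this POSIX shell function reports such entries in a PATH-style string; the name `audit_path` and its output format are assumptions of the example, and the world-writable directory check goes beyond the `./` case to cover the shared-folder situation mentioned above.

```shell
#!/bin/sh
# audit_path PATHSTRING   (hypothetical helper, not from the thread)
# Prints one line per risky entry: "<position> <kind> [<entry>]".
#   empty          - zero-length entry, searched as the current directory
#   dot            - literal "." entry
#   relative       - any other entry not starting with "/"
#   world-writable - absolute directory that any user can write into
audit_path() {
    ap_rest="$1:"            # extra colon terminates the last entry
    ap_pos=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}      # text before the first colon
        ap_rest=${ap_rest#*:}        # text after the first colon
        ap_pos=$((ap_pos + 1))
        case "$ap_entry" in
            "") echo "$ap_pos empty" ;;
            .)  echo "$ap_pos dot" ;;
            /*)
                # -L follows symlinks; a missing directory yields no finding
                ap_mode=$(ls -ldL -- "$ap_entry" 2>/dev/null) || ap_mode=""
                case "$ap_mode" in
                    # 9th character of the mode string is the "other" write bit
                    d???????w*) echo "$ap_pos world-writable $ap_entry" ;;
                esac
                ;;
            *)  echo "$ap_pos relative $ap_entry" ;;
        esac
    done
    return 0
}

# Constructed sample PATH: entry 3 is empty, entry 4 is ".", entry 5 is relative
audit_path "/usr/local/bin:/usr/bin::.:bin"
```

Run it against a real session with `audit_path "$PATH"`; the position matters because entries are searched in order, so a current-directory entry ahead of the system directories shadows the system commands.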
