[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: OFFTOPIC: configure vs.  ./configure
From:       Alex Zepeda <garbanzo () hooked ! net>
Date:       1999-07-01 18:48:32
[Download RAW message or body]

On Thu, 1 Jul 1999, Rolf Offermanns wrote:

> On most (if not all) Distributions the root user does not have the CWD
> (current work dir) in his path. That is to prevent some easy attacks.
> Imagine a normal user creating a shell script "ls" in the tmp dir.
> Next time you (root) do a ls in the tmp dir this file would be executed
> as root.

Nah, it wouldn't be a huge problem, as long as '.' was last in the path.
This way things would look for /bin/ls *before* ./ls.

> I think you get the point, anything in this script would be executed as
> root!

See above.

- alex

I thought felt your touch
In my car, on my clutch
But I guess it's just someone who felt a lot like I remember you.
  - Translator

[prev in list] [next in list] [prev in thread] [next in thread]