[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: OFFTOPIC: configure vs. ./configure
From: Alex Zepeda <garbanzo () hooked ! net>
Date: 1999-07-01 18:48:32
[Download RAW message or body]
On Thu, 1 Jul 1999, Rolf Offermanns wrote:
> On most (if not all) Distributions the root user does not have the CWD
> (current work dir) in his path. That is to prevent some easy attacks.
> Imagine a normal user creating a shell script "ls" in the tmp dir.
> Next time you (root) do a ls in the tmp dir this file would be executed
> as root.
Nah, it wouldn't be a huge problem, as long as '.' was last in the path.
This way things would look for /bin/ls *before* ./ls.
> I think you get the point, anything in this script would be executed as
> root!
See above.
- alex
I thought felt your touch
In my car, on my clutch
But I guess it's just someone who felt a lot like I remember you.
- Translator
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic