On Mon, 2003-11-17 at 14:21, Michael Holt wrote: > On Mon, 2003-11-17 at 12:53, Jack Coates wrote: > > > > I don't quite understand what the problem is. Are you saying that '.' > > > shouldn't be in your path or that it should be? > > > > should not. It's not that big a deal I suppose, but it's not The Right > > Way(TM) for things to be. > > :) You seemed pretty emphatic about it's presence in earlier posts; > What effect does it have? It means you can execute hidden files? If > that's the case, couldn't you do that anyway - if you knew what the > filename was? I suppose just for policy, you would want as few things > in a users path as possible - is that just what it's about?
the real issue for me is expected versus non-expected behavior. There is a security risk, which is fairly arcane unless a large class of boxes are going to exhibit this behavior (no matter how arcane and difficult the hole, if hundred of boxes will respond in the same way then an exploit script will be written). -- Jack at Monkeynoodle Dot Org: It's A Scientific Venture... "And the head said that you always were a queer one from the start, for careers you say you want to be remembered for your art, your obsession gets you known throughout the school for being strange, making life-sized models of The Velvet Underground in clay." -- Expectations from Tigermilk by Belle and Sebastian
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
