On Mon, 2003-11-17 at 15:01, Bill Mullen wrote:
> On Mon, 17 Nov 2003, Michael Holt wrote:
>
> > What effect does it have? It means you can execute hidden files? If
> > that's the case, couldn't you do that anyway - if you knew what the
> > filename was? I suppose just for policy, you would want as few things
> > in a user's path as possible - is that just what it's about?
>
> What having ":.:" (or its equivalent, "::") in your $PATH does is allow
> the current working directory to be included in any search for executable
> files. This is (wisely, IMHO) considered to be a security risk, as it can
> lead to the execution of a file other than the one you had intended, if
> that file has the same name and the ":.:" appears earlier in the PATH than
> the directory in which the intended file resides.
>
> Obviously, it is *far* more important that such an entry not be part of
> root's PATH than a user's, but it's a risk in the latter case as well.

Ahh, that makes sense. So it's mostly good housekeeping. Thanks.

--
Michael Holt
Snohomish, WA
[EMAIL PROTECTED]
www.holt-tech.net
www.mandrakelinux.com

14. dd if=/dev/null of=/vmunix
    --Top 100 things you don't want the sysadmin to say
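
Added example, not part of the original thread: a POSIX sh check for the PATH entries discussed above (".", "::", and a leading or trailing ":"), plus a test of whether such an entry is searched before the directory that holds the intended command. It goes one step beyond the thread by also flagging other relative entries, which are resolved against the working directory in the same way. The function names and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample PATH values are constructed.

# risky_entries PATHSTRING
# Prints "<position> <kind> [entry]" for each entry that makes command
# lookup depend on the current working directory:
#   empty    - zero-length entry (leading/trailing ":" or "::")
#   dot      - the literal "."
#   relative - any other entry that does not start with "/"
risky_entries() (
    rest=$1:              # trailing ":" so the last field is consumed too
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        case $entry in
            '') printf '%s empty\n' "$pos" ;;
            .)  printf '%s dot .\n' "$pos" ;;
            /*) ;;        # absolute directory: independent of the cwd
            *)  printf '%s relative %s\n' "$pos" "$entry" ;;
        esac
    done
)

# cwd_precedes CMD PATHSTRING
# Status 0 when a cwd-dependent entry is reached before any absolute
# directory containing an executable CMD, so a same-named file in the
# working directory would be picked first. Status 1 otherwise.
cwd_precedes() (
    cmd=$1
    rest=$2:
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) if [ -f "$entry/$cmd" ] && [ -x "$entry/$cmd" ]; then
                    exit 1    # intended directory wins
                fi ;;
            *)  exit 0 ;;     # cwd-dependent entry comes first
        esac
    done
    exit 1
)

# Constructed sample: "::" at position 2 and "." at position 4.
risky_entries "/usr/local/bin::/usr/bin:."
```

To audit a live account, pass its real value, for example `risky_entries "$PATH"` run as root.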