I gotta back Brandon on this, you should NEVER have . in your path. If he didn't explain proper, the reason for this is... Imagine the scenario, a user calls over the administrator or says yeah, I can't access a file in my home dir. So the root user looks in the user's home dir, and types 'ls'. Now if root has '.' in his search path, and your user is malicious, he has a script called ls which copies /bin/bash into /tmp and makes it suid, then calls the proper ls. The root user knows no difference, but now the malicious user has a SUID copy of bash in /tmp. He types /tmp/bash and bam! he's root.
-thor

> everyone must administer their boxes. There are different approaches,
> with good arguments on many sides.
>
> If you want to *suggest* that people do things a certain way, and
> provide reasons why this way is preferable to other ways, that will be
> welcomed. If you try to lay down your law from on high, you just look
> like an asshole, and a laughable one at that. It's hard to take someone
> seriously who has such an obviously closed mind.
>
> E
>
> -- [[EMAIL PROTECTED] ]#

_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits
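
A check for the condition described in the message above, as an added example that is not part of the original thread. It goes beyond the literal '.' case to the other entries with the same effect (empty entries, relative paths, world-writable directories); the function name `audit_path` and the sample PATH strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that let a command name
# resolve to a file in the current directory (the 'ls' scenario above).
# audit_path prints one finding per line and returns 1 if any were found.
audit_path() {
    remaining="$1:"      # sentinel colon so a trailing empty entry is kept
    position=0
    findings=0
    while [ -n "$remaining" ]; do
        entry=${remaining%%:*}        # text before the first colon
        remaining=${remaining#*:}     # drop that entry and its colon
        position=$((position + 1))
        reason=
        case $entry in
            "")    reason="empty entry, searched as the current directory" ;;
            .|./*) reason="current directory" ;;
            /*)    # absolute: flag only if any user can add files to it
                   if [ -d "$entry" ] &&
                      [ -n "$(find -H "$entry" -prune -perm -0002 2>/dev/null)" ]; then
                       reason="world-writable directory"
                   fi ;;
            *)     reason="relative path, resolved against the current directory" ;;
        esac
        if [ -n "$reason" ]; then
            echo "entry $position '$entry': $reason"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample value, not taken from any real system.
audit_path "/usr/local/sbin:/usr/sbin:/sbin:.:bin:" || echo "PATH needs fixing"
```

Run it as `audit_path "$PATH"` from root's login shell and from any script or cron environment that sets its own PATH.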
