On Tue, 12 Mar 2002, Erik Curiel wrote:

> > i am an engineer. i use make. i can't type. alice the hacker puts
> > 'mkae' in a directory. i am fucked.
> >
> > it's a bad idea. you can't guard against it completely.
>
> One of the most far-fetched scenarios I've heard in a while, but sure, I
> can conceive of it.  Am I going to live my life trying to guard against
> every single problem I can conceive of?  No.  You can't guard against
> everything.  You weigh the benefits of having "." in your path (ease of
> typing) versus the possible dangers you're exposed to and the likelihood
> of those dangers occurring (*if* you make exactly the typing error that a
> malicious hacker has counted on you to make in *exactly* the directory he
> knew you would make it in, you're fucked), and you see where you fall on
> the cost-benefit analysis.

being the laziest man on the planet, i'm all for doing as much as possible
with the least effort, but there are "best practices" and not having "."
in your path is one of them.  yes, it's a bit paranoid, but the internet
is full of people like me with nothing to do all day but think of ways to
fuck with your shit.  in the cost-benefit analysis, not worrying about
which directory i'm in every time i type a command is worth a "./" every
once in a while.

and honestly, if i was working with a sysadmin and i found out that they
had "." in their path, i'd either demand that they take it out or remove
them from the wheel group altogether.

=jay


_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits
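
A defender-side check for the exposure discussed in this thread, as an added example that is not part of the original posts: it flags PATH entries that are searched relative to the current directory (".", empty entries left by a leading, trailing or doubled colon, and relative names) and, going slightly beyond the thread, absolute entries that are world-writable. The function name `audit_path` and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_path is a hypothetical helper name.
# Usage: audit_path "$PATH"
# Prints one line per risky entry; returns 1 if any were found, else 0.
audit_path() {
    ap_remaining="$1:"      # sentinel ':' so a trailing empty entry is not lost
    ap_position=0
    ap_findings=0
    while [ -n "$ap_remaining" ]; do
        ap_entry=${ap_remaining%%:*}     # text before the first ':'
        ap_remaining=${ap_remaining#*:}  # text after the first ':'
        ap_position=$((ap_position + 1))
        case $ap_entry in
            '') ap_reason='empty entry, searched as the current directory' ;;
            .)  ap_reason='explicit current directory' ;;
            /*) ap_reason=''
                # Absolute entry: still risky if any user can create files in it.
                # -L follows symlinks such as /bin -> usr/bin; -prune stops descent.
                if [ -d "$ap_entry" ] &&
                   [ -n "$(find -L "$ap_entry" -prune -perm -0002 2>/dev/null)" ]; then
                    ap_reason='world-writable directory'
                fi ;;
            *)  ap_reason='relative entry, resolved against the current directory' ;;
        esac
        if [ -n "$ap_reason" ]; then
            printf 'entry %d "%s": %s\n' "$ap_position" "$ap_entry" "$ap_reason"
            ap_findings=$((ap_findings + 1))
        fi
    done
    [ "$ap_findings" -eq 0 ]
}

# Constructed sample value, not a real user's PATH.
audit_path '/usr/bin::/bin:.:bin' || true
```

Run it as `audit_path "$PATH"` from a login shell and from any privileged shell, since the two often get their PATH from different startup files.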
