John Hunter wrote: > Ok, guilty as charged. I often tend to go in as 'su' rather than 'su > - root' and thus inherit my user configs, which has '.' in the path.
Is that true on all systems? I'm running a debian box, and if I do 'su', it still changes my user preferences, or at least ps1. > I think I'll remove '.' from my user path too, cause I really don't > need it since I rarely execute code form the current dir, and when I > do, I don't mind the ./ thing. I try to be in the habit of doing that > anyway. Those sorts of attacks mattered a lot more when the main thing you were worried about was local exploits because you adminned a machine which had 300 users at some college rather than remote exploits. Still, it's good idea to fix that one, just on general cleanliness. Also, it's a good idea to use sudo instead of su, so that you don't accidentally do something bad with an inane command which didn't have to be run as root. It also reduces the chances of someone walking over to your machine when there's a root shell open... -Bram _______________________________________________ Bits mailing list [EMAIL PROTECTED] http://www.sugoi.org/mailman/listinfo/bits
