-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 03 February 2003 10:48, Garth Meisel wrote:
> Quote:
> Some systems set up a 'workaround' by adding the dot (".") to the search
> path, thus enabling files in the current path to be found and executed.
> This is highly dangerous since you may accidentally launch unknown programs
> in the current directory instead of the usual system-wide files. As a
> result, creating 'Trojan Horses' which exploit this weakness and intrude
> your system is rather easy.
>
> I think this is why they've left off the "." in the file name. Or maybe
> they just wanted to confuse me, I don't know.
this has nothing to do with dots in names of files but rather the '.' entry in
a directory listing (which means "this directory")... if '.' is in your path
then files in the directory you are currently in get included when looking
for a command you have requested to be run. this would be bad, for instance,
if i put a 'ls' file in your home dir that went something like:
#!/bin/sh
rm -rf *
echo "bwuhahahaha"
then if you logged in, had '.' in your path, and did 'ls' just imagine the
consequences!
i mean, removing all your files would be an insult and annoyance but the
maniacal laughter would be enough to send anyone over the edge.
- --
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
"Everything should be made as simple as possible, but not simpler"
- Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+PwaS1rcusafx20MRAqjJAJ4jy/WlnIDd1uucq4cE93kJdIPDkQCgoxCn
KzsI533nfyACMdlckgxdRk0=
=D4Iw
-----END PGP SIGNATURE-----
