On Fri, Aug 15, 2014, at 12:39, Zlatko Calusic wrote: > That someone already has a root password, so it's easier for him to use > it than to drop malware and wait for me to step on it. ;) > > The point being of course, dot in the PATH is dangerous ONLY if you are > on a multiuser machine where there are people with shell access who you > can't trust. I haven't seen such machine in decades, and of course I'll > remember to remove the all-dangerous dot from the PATH then. In the > meantime, my boxes are so much friendlier with the dot included. :)
Any website running PHP (and it looks like you do run PHP) can drop a file to /tmp (or any other writeable directory). But that's your choice. O. -- Ondřej Surý <[email protected]> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
