On Fri, Aug 15, 2014, at 12:39, Zlatko Calusic wrote:
> That someone already has a root password, so it's easier for him to use
> it than to drop malware and wait for me to step on it. ;)
>
> The point being of course, dot in the PATH is dangerous ONLY if you are
> on a multiuser machine where t
On Fri, Aug 15, 2014 at 1:39 PM, Zlatko Calusic
wrote:
> On 15.08.2014 10:57, Ondřej Surý wrote:
>
>> Hi Zlatko,
>>
>> I will fix that in git, but having "." in $PATH (especially for root
>> user)
>> is a very bad bad practice and really should be avoided due security
>> reasons.
>>
>>
> No, it's
On 15.08.2014 10:57, Ondřej Surý wrote:
Hi Zlatko,
I will fix that in git, but having "." in $PATH (especially for root
user)
is a very bad bad practice and really should be avoided due security
reasons.
No, it's not. It's a bad practice ONLY if some requirements are met,
which has not been
Hi Zlatko,
I will fix that in git, but having "." in $PATH (especially for root
user)
is a very bad bad practice and really should be avoided due security
reasons.
Imagine someone dropping a malware binary in /tmp ...
Ondrej
On Fri, Aug 15, 2014, at 10:26, Zlatko Calusic wrote:
> Package: php5-
Package: php5-common
Version: 5.6.0~rc4+dfsg-1
Severity: normal
During installation:
Setting up php5-common (5.6.0~rc4+dfsg-1) ...
find: The current directory is included in the PATH environment variable, which
is insecure in combination with the -execdir action of find. Please remove the
curr
5 matches
Mail list logo
