On Tue, Apr 04, 2006 at 09:15:58PM +0200, RedShift wrote:
I cannot see how this would be exploitable. root doesn't have . in it's
PATH. Other people were discussing cat and cta for example. For this to
work, one would have to be able to write to the victim's home directory,
$ cd /tmp
$
On Mon, 2006-04-03 at 23:09 +0100, Nick Guenther wrote:
On 4/3/06, Han Boetes [EMAIL PROTECTED] wrote:
Jon Kent wrote:
This one kinda supprised me. When I was looking around by new
3.8 install I noticed that in /etc/skel/.profile that PATH
contains a . in it, which I found supprising
Jon Kent wrote:
Hi,
This one kinda supprised me. When I was looking around by new 3.8
install I noticed that in /etc/skel/.profile that PATH contains a . in
it, which I found supprising as I've always assumed that this was not a
sensible thing to do. I've taken it out as I'm not too happy
On Tue, Apr 04, 2006 at 09:15:58PM +0200, RedShift wrote:
[...] Other people were discussing cat and cta for example. For this to
work, one would have to be able to write to the victim's home directory,
Do you never cd out of your home?
Ciao
Kili
On Tue, 2006-04-04 at 21:15 +0200, RedShift wrote:
I cannot see how this would be exploitable. root doesn't have . in it's
PATH. Other people were discussing cat and cta for example. For this to
work, one would have to be able to write to the victim's home directory,
and - of course - the
--- Matthias Kilian [EMAIL PROTECTED] wrote:
On Tue, Apr 04, 2006 at 09:15:58PM +0200, RedShift wrote:
[...] Other people were discussing cat and cta for example. For
this to
work, one would have to be able to write to the victim's home
directory,
Do you never cd out of your home?
On Tue, Apr 04, 2006 at 08:56:39PM +0100, Jon Kent wrote:
Can see your point here, but I prefer to play on the paranoid side of
fence hence my dislike of this. I'm not sure it should be there by
default, rather if you like it you should add it.
Inexperienced users might add it to the
Hi!
On Tue, Apr 04, 2006 at 09:15:58PM +0200, RedShift wrote:
[...]
I cannot see how this would be exploitable. root doesn't have . in it's
PATH. Other people were discussing cat and cta for example. For this to
work, one would have to be able to write to the victim's home directory,
and - of
Hi!
On Wed, Apr 05, 2006 at 07:35:32AM +1000, Andrew Dalgleish wrote:
On Tue, Apr 04, 2006 at 08:56:39PM +0100, Jon Kent wrote:
Can see your point here, but I prefer to play on the paranoid side of
fence hence my dislike of this. I'm not sure it should be there by
default, rather if you like
--- Hannah Schroeter [EMAIL PROTECTED] wrote:
Hi!
On Wed, Apr 05, 2006 at 07:35:32AM +1000, Andrew Dalgleish wrote:
On Tue, Apr 04, 2006 at 08:56:39PM +0100, Jon Kent wrote:
Can see your point here, but I prefer to play on the paranoid side
of
fence hence my dislike of this. I'm not
That is not a . in the sense of the current directory. .profile is a hidden
directory and the . prefix denotes this...
Josh
- Original Message -
From: Jon Kent [EMAIL PROTECTED]
To: misc@openbsd.org
Sent: Monday, April 03, 2006 3:10 PM
Subject: why is there . [dot] in default PATH?
Jon Kent wrote:
This one kinda supprised me. When I was looking around by new
3.8 install I noticed that in /etc/skel/.profile that PATH
contains a . in it, which I found supprising as I've always
assumed that this was not a sensible thing to do. I've taken it
out as I'm not too happy when
Hello!
On Mon, Apr 03, 2006 at 11:51:17PM +0200, Han Boetes wrote:
...[ . in the path ...]
As long as it is at the end of your PATH it's not that bad.
I disagree. Because that makes exploiting typos possible.
(cat - cta *oops*, for example)
Kind regards,
Hannah.
On 4/3/06, Josh Caster [EMAIL PROTECTED] wrote:
That is not a . in the sense of the current directory. .profile is a hidden
directory and the . prefix denotes this...
What did you smoke?
.profile is not a directory and that line DOES add . to your PATH.
And I always learned that was a unsafe
On 4/3/06, Han Boetes [EMAIL PROTECTED] wrote:
Jon Kent wrote:
This one kinda supprised me. When I was looking around by new
3.8 install I noticed that in /etc/skel/.profile that PATH
contains a . in it, which I found supprising as I've always
assumed that this was not a sensible thing
On 4/3/06, Han Boetes [EMAIL PROTECTED] wrote:
Jon Kent wrote:
This one kinda supprised me. When I was looking around by new
3.8 install I noticed that in /etc/skel/.profile that PATH
contains a . in it, which I found supprising as I've always
assumed that this was not a sensible thing
16 matches
Mail list logo