*BSD News Article 95982


Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!news-feed1.tiac.net!news-in.tiac.net!posterchild!news@tiac.net
From: tarbet@swaa.com (Margaret Tarbet)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: New Installation
Date: Thu, 22 May 1997 19:09:01 GMT
Organization: Software Art & Architecture Incorporated
Lines: 16
Message-ID: <33848701.953498@news.tiac.net>
References: <EAI42z.L80@nonexistent.com> <5lv322$ae8@ui-gate.utell.co.uk> <33838754.41C67EA6@nyct.net> <5m18gk$aq7@ui-gate.utell.co.uk>
Reply-To: tarbet@swaa.com
NNTP-Posting-Host: momcat.tiac.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Newsreader: Forte Agent 1.0/16.390
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:41480

On 22 May 1997 10:52:04 GMT,
brian@shift.utell.net (Brian Somers) wrote:

> or put the current directory in your path (unsafe):

This raises an interesting point.  I'm probably just not thinking
about the problem in the right way, but I can't seem to see
what's "unsafe" about this.   I've raised the question a few
times in the past and nobody could actually tell me, it was
always only received wisdom for them.  I suppose if it were the
case that path strings could be appropriated by any accountholder
and the owner's identity assumed thereby, then that would indeed
be a Great Gaping Security Hole, but afaik, that's not possible.

Any elucidation gratefully accepted.
								=margaret
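
Added example, not part of the original post: a POSIX shell check for the configuration under discussion. It lists every PATH element that makes the shell resolve command names against whatever directory the user happens to be in, which covers an explicit ".", any relative element, and an empty element (a leading, trailing or doubled colon, which the shell treats as the current directory). The function name audit_path and the sample PATH value are constructed for illustration.

```sh
#!/bin/sh
# audit_path (hypothetical helper): print each element of a PATH-style
# string that causes command lookup in the current working directory.
# Returns 0 when no such element exists, 1 otherwise.
audit_path() {
    rest="$1:"      # sentinel colon so the last element is processed too
    idx=0
    found=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text before the first colon
        rest=${rest#*:}         # text after the first colon
        idx=$((idx + 1))
        case "$entry" in
            '')  reason='empty element (means current directory)' ;;
            .)   reason='explicit current directory' ;;
            /*)  continue ;;    # absolute path: not affected by cwd
            *)   reason='relative path (resolved against current directory)' ;;
        esac
        found=$((found + 1))
        printf '%d: "%s" %s\n' "$idx" "$entry" "$reason"
    done
    [ "$found" -eq 0 ]
}

# Constructed sample value, not taken from the post. To check a live
# session, call: audit_path "$PATH"
audit_path '/usr/local/bin:.:/usr/bin::bin:/sbin:' ||
    echo 'this PATH searches the current directory'
```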