Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!news-feed1.tiac.net!news-in.tiac.net!posterchild!news@tiac.net From: tarbet@swaa.com (Margaret Tarbet) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: New Installation Date: Thu, 22 May 1997 19:09:01 GMT Organization: Software Art & Architecture Incorporated Lines: 16 Message-ID: <33848701.953498@news.tiac.net> References: <EAI42z.L80@nonexistent.com> <5lv322$ae8@ui-gate.utell.co.uk> <33838754.41C67EA6@nyct.net> <5m18gk$aq7@ui-gate.utell.co.uk> Reply-To: tarbet@swaa.com NNTP-Posting-Host: momcat.tiac.net Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Newsreader: Forte Agent 1.0/16.390 Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:41480 On 22 May 1997 10:52:04 GMT, brian@shift.utell.net (Brian Somers) wrote: > or put the current directory in your path (unsafe): This raises an interesting point. I'm probably just not thinking about the problem in the right way, but i can't seem to see what's "unsafe" about this. I've raised the question a few times in the past and nobody could actually tell me, it was always only received wisdom for them. I suppose if it were the case that path strings could be appropriated by any accountholder and the owner's identity assumed thereby, then that would indeed be a Great Gaping Security Hole, but afaik, that's not possible. Any elucidation gratefully accepted. =margaret