[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PATH and security
From: |
Eric Blake |
Subject: |
Re: PATH and security |
Date: |
Tue, 22 Apr 2008 23:01:46 -0600 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080213 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Jim Meyering on 4/22/2008 5:13 PM:
|>> If security isn't enough of an argument, you can consider this yet another
|>> reason not to put "." early in your PATH. Please consider removing
|>> "." from your PATH altogether.
|
| Besides, I recognize that no system is immune from risk.
| I.e., a bug in my browser may allow malicious code to create
| that /tmp/ls file you mentioned.
I personally like having . in my PATH on systems I manage, but only at the
end and never first, so I can guarantee that any important program (like
/bin/ls) cannot be inadvertently replaced by a malicious /tmp/ls.
- --
Don't work too hard, make some time for fun as well!
Eric Blake address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkgOwroACgkQ84KuGfSFAYANfACgn04WGKCqJ+shKYcKvvbFc8X/
txgAn3JTJWtntANLifoj2gKzhWsqyBwU
=Nu2/
-----END PGP SIGNATURE-----