Re: small patch to etc/skel/dot.cshrc (mailing.openbsd.tech)
what now? openbsd has to be responsible for the typos the user makes?

-p.

On Wed, Feb 18, 2004 at 01:54:38AM +0100, Marc Bevand wrote:
> I also think '.' should be removed from the PATH. Example:
> - imagine an evil hacker places a binary (trojan...) called 'sl'
>   in /tmp
> - if '.' is in the default PATH, the hacker would just have
>   to wait long enough so that a user (whose cwd happens to be
>   /tmp) mistypes 'sl' (instead of 'ls') so that it executes the
>   trojan
> This simple attack is really used by the bad guys and works very well
> on massively multiuser systems.
>
> --
> Marc Bevand                          http://www.epita.fr/~bevand_m
> Computer Science School EPITA - System, Network and Security Dept.
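
A defensive check for the problem discussed in this thread, as an added example that is not part of the original posts: a POSIX sh function (the name audit_path is an assumption) that flags PATH entries resolved against the current directory, including the empty entries that a leading, trailing or doubled ':' produces in POSIX shells. The sample PATH is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag PATH entries that resolve to the
# current working directory. The function name audit_path is hypothetical.

# Usage: audit_path PATH_STRING
# Prints one line per risky entry; returns 1 if any was found, else 0.
audit_path() {
    rest="$1:"          # trailing ':' so the loop also sees the last entry
    position=0
    risky=0
    [ -n "$1" ] || return 0   # an empty or unset PATH is out of scope here

    while [ -n "$rest" ]; do
        entry=${rest%%:*}     # text before the first ':'
        rest=${rest#*:}       # drop that entry and its ':'
        position=$((position + 1))

        case $entry in
            "")  reason="empty entry, searched as the current directory" ;;
            .)   reason="explicit current directory" ;;
            /*)  continue ;;  # absolute directory: does not depend on cwd
            *)   reason="relative entry, resolved against the current directory" ;;
        esac

        printf 'entry %d: "%s": %s\n' "$position" "$entry" "$reason"
        risky=1
    done
    return "$risky"
}

# Constructed sample: leading empty entry, a relative dir, and a trailing '.'
SAMPLE_PATH=":/usr/bin:bin:/usr/local/bin:."

if audit_path "${1:-$SAMPLE_PATH}"; then
    echo "no current-directory entries in PATH"
else
    echo "PATH searches the current directory; remove the entries above"
fi
```

In the mistyped-command scenario quoted above, a '.' at the end of PATH is as exposed as one at the front whenever no earlier directory holds a program with the mistyped name.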