From: Daniel Feiglin (dilogsys_at_nonexisting.hamakor.org.il)
Date: Sun 23 Feb 2003 - 11:26:38 IST
Nadav Har'El wrote:
> On Sat, Feb 22, 2003, Oron Peled wrote about "Re: Problem with Pth or make or what?":
>
>>Obviously! This also point to a bad habbit:
>> Daniel you have '.' in your path!!!
>
>
> It's not necessarily a bad habbit... Once upon a time, this was considered
> good practice for non-root users.
>
> But calling your programs "test" is indeed a bad habbit :) I've seen more
> than one person bit by this.
>
>
>>Another related issue. I hope nobody don't use '.' in your path
>>as root -- this is suicidal in terms of security.
>
>
> You are scaring the newbies :)
This point also occurred to me - but then most newbies would be using a
GUI like Gnome or KDE, so the issue would rarely if ever arise. It is
really a commandline thing.
DAF
>
> Let's make one thing clear: this advice comes from the days of multi-user
> Unix machines, not of personal Linux machines. In the scary scenario, a
> superuser might cd to some user's directory (hopefully for some legitimate
> reason), run "ls", and, lo and behold - the user might have a "ls" program
> in his own directory formatting the disk (or adding a backdoor, or whatever).
>
> On a machine used by a single person, it doesn't matter what your path is.
> If someone already cracked your machine to insert a program, he could probably
> do whatever he wants anyway.
>
=================================================================
To unsubscribe, send mail to linux-il-request_at_linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request_at_linux.org.il
This archive was generated by hypermail 2.1.7 : Mon 06 Oct 2003 - 23:44:22 IST