[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: small patch to etc/skel/dot.cshrc

To: Chris Jepeway <jepeway@blasted-heath.com>
Subject: Re: small patch to etc/skel/dot.cshrc
From: Andreas Kahari <ak+openbsd@freeshell.org>
Date: Wed, 18 Feb 2004 00:18:34 +0000
Cc: jamesll@acm.org, misc@openbsd.org, eric <eric@catastrophe.net>
Content-Disposition: inline
Mail-Followup-To: Chris Jepeway <jepeway@blasted-heath.com>,jamesll@acm.org, misc@openbsd.org, eric <eric@catastrophe.net>
References: <5C3999D2-619E-11D8-8F7A-000A956F64E8@cs.pitt.edu> <200402172345.i1HNjsdk022787@suxrox.blasted-heath.com>
User-Agent: Mutt/1.4.2i

On Tue, Feb 17, 2004 at 06:45:54PM -0500, Chris Jepeway wrote:
> [ moved to misc@, perhaps presumptiously ]
> > [ . in PATH ] is not a security issue, if that what you are thinking, because 
> > the paths are searched in order.  all the normal binary directories are 
> > listed first, so no one can slip you a trojaned 'ls' or whatever in the 
> > current directory.
> OK, what about "sl"?  Or "fnid"?  Or "tpcdump"?
> Or, heck, what about "ethereal" if you don't
> have it installed on the machine where you're
> typing?

Exactly.  That's the point that this old FAQ entry makes as well
(last updated 1996):

http://www.faqs.org/faqs/unix-faq/faq/part2/section-13.html

Typing ./ is a habit you get into fairly quickly, just like
typing 'sudo' in front of commands instead of logging in as root
or using 'su'.


-- 
Andreas Kähäri                      |()()|
                                    |)()(|
East Anglia                         |()()|
England                             |)()(|

References:
- Re: small patch to etc/skel/dot.cshrc
  - From: Chris Jepeway <jepeway@blasted-heath.com>

Prev by Date: Re: no colour in vt220 termcap?
Next by Date: Re: BadAccess error with X forwarding
Prev by thread: Re: small patch to etc/skel/dot.cshrc
Next by thread: mysql 4.0.18 and openssl (obsd 3.3)
Index(es):
- Date
- Thread