On Fri, Jul 13, 2001 at 02:53:37PM -0700, Craig Dickson wrote:
> D-Man wrote:
> 
> > Sure it's a "flaw" :  suppose someone creates an executable trojan in
> > "the current directory" named 'cd'.  If '.' is the first thing in the
> > path you will execute the trojan rather than the usual /bin/cd.
> 
> s/cd/ls/g for a better argument. cd is a shell builtin; there is no /bin/cd.

Or, even better, su.  Nice easy way to grab a root password...

-- 
Brian Nelson <[EMAIL PROTECTED]>
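
An added example, not part of the original messages: a POSIX sh check for the PATH problem discussed in this thread. It flags entries that resolve against the current directory (`.`, an empty entry, or any relative directory) and lists executables there that would run instead of a same-named file in a later absolute entry. The function name `audit_path` and the sample PATH are assumptions of the example.

```shell
#!/bin/sh
# audit_path PATHSTRING (hypothetical helper, added example)
# Prints one line per PATH entry that depends on the current directory and one
# line per executable in it that hides a same-named file in a later absolute
# entry. Returns 0 if no such entry exists, 1 otherwise.
audit_path() {
    remaining="$1:"    # sentinel colon so a trailing empty entry is not lost
    position=0
    findings=0
    while [ -n "$remaining" ]; do
        entry=${remaining%%:*}
        remaining=${remaining#*:}
        position=$((position + 1))
        case $entry in
            /*) continue ;;    # absolute entries do not depend on the cwd
            '') reason="empty entry (means the current directory)" ;;
            .)  reason="current directory" ;;
            *)  reason="relative directory" ;;
        esac
        findings=$((findings + 1))
        echo "entry $position '$entry': $reason"
        for candidate in "${entry:-.}"/*; do
            [ -f "$candidate" ] && [ -x "$candidate" ] || continue
            name=${candidate##*/}
            later=$remaining
            while [ -n "$later" ]; do
                dir=${later%%:*}
                later=${later#*:}
                case $dir in /*) ;; *) continue ;; esac
                if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
                    echo "  shadows $dir/$name: $candidate"
                    break
                fi
            done
        done
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample PATH, not taken from the thread.
audit_path ".:/usr/bin:/bin::tools" || true
```

Run it as `audit_path "$PATH"` from the directory you want to check; an empty entry comes from a leading, trailing or doubled colon and is searched exactly like `.`.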
