[Gllug] 'lost' partition -- can anyone help?

John Hearns john.hearns at streamline-computing.com
Fri May 20 16:57:02 UTC 2005


> In general, root does not have the current directory .
> as part of the PATH - this is a bad idea for security,
> as e.g. an unprivileged user can put something malicious in /tmp/

Sorry. I should explain that better.
As an ordinary user, create a script which does something really nasty.
Name it 'ls' and copy it to /tmp

Now if root has a PATH which has '.' coming before /bin/ls
then if the root user happens to be in the /tmp directory and does
an 'ls' the nasty script will be run. With root privileges.

That is also why you should be careful when running as root,
and only do it when it is necessary, not as a matter of course.

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
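
A defensive check for the problem described in the message above, as an added example that is not part of the original post: it audits a PATH string for entries that resolve to the current directory or that any user can write to. The function name `audit_path` is hypothetical; the check also covers empty entries (a leading, trailing or doubled colon), which the shell treats the same as '.'.

```shell
#!/bin/sh
# audit_path PATHSTRING   (hypothetical helper name, added example)
# Prints one line per risky entry and returns 1 if any were found, else 0.
audit_path() {
    rest=$1
    pos=0
    bad=0
    while :; do
        pos=$((pos + 1))
        # Split by hand: IFS-based splitting would drop a trailing empty entry.
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; more=1 ;;
            *)   entry=$rest; more=0 ;;
        esac
        case $entry in
            '')
                echo "entry $pos: empty entry, treated as the current directory"
                bad=1 ;;
            .)
                echo "entry $pos: '.' is the current directory"
                bad=1 ;;
            /*)
                # Absolute path: flag it if any user can create files there.
                # -L follows symlinks so a linked directory is judged by its target.
                perms=$(ls -ldL "$entry" 2>/dev/null) || perms=''
                case $perms in
                    d???????w*)
                        echo "entry $pos: $entry is world-writable"
                        bad=1 ;;
                esac ;;
            *)
                echo "entry $pos: '$entry' is relative to the current directory"
                bad=1 ;;
        esac
        [ "$more" -eq 1 ] || break
    done
    return "$bad"
}

# Audit the PATH of whoever runs this (run it as root to check root's PATH).
audit_path "$PATH" || true
```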



