[Gllug] 'lost' partition -- can anyone help?
John Hearns
john.hearns at streamline-computing.com
Fri May 20 16:57:02 UTC 2005
> In general, root does not have the current directory .
> as part of the PATH - this is a bad idea for security,
> as e.g. an unpriveleged user can put something malicious in /tmp/
Sorry. I should explain that better.
As an ordinary user, create a script which does something really nasty.
Name it 'ls' and copy it to /tmp
Now if root has a PATH which has '.' coming before /bin/ls
then if the root user happens to be in the /tmp directory and does
an 'ls' the nasty script will be run. With root privileges.
That is also why you should be careful when running as root,
and only do it when it is necessary, not as a matter of course.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list