[wplug] $PATH variables
Luquilla Hughes
luquilla at hotmail.com
Sun Oct 14 16:05:52 EDT 2001
>From: John Harrold <harrold at sage.che.pitt.edu>
<snip>
>
>export PATH="$PATH:/my/new/path"
>
>this will add /my/new/path to the end of the search path. somepeople think
>"hey i'll add . to my path so i can execute commands in the current
>directory". this is not a good idea because someone could put a file called
>'ls' in the tmp directory which is a shell script that contains 'rm -rf ~'
>or somesuch. so becareful.
>
Minor clarification in the excellent description(s), the system goes in
order of the directories listed in $path. So the cracker would have to
disable( or rename) 'ls' in '/bin' before the above would be a problem, if I
understand this correctly. It does also allow for the user to do specific
things like replace a shell command with their own version by placing ~/bin
in the path before /bin. (However, I am sure some would tell you that it is
a security risk to do that.)
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the wplug
mailing list