Path: utzoo!attcan!uunet!munnari.oz.au!goanna!wren!msf From: msf@wren.cs.rmit.OZ.AU (Michael Fuller) Newsgroups: comp.unix.shell Subject: Re: crontab for ordinary users Message-ID: <4073@goanna.cs.rmit.oz.au> Date: 24 Oct 90 23:50:39 GMT References: <1990Oct23.065611.17458@onion.pdx.com> Sender: news@goanna.cs.rmit.oz.au Lines: 34 jeff@onion.pdx.com (Jeff Beadles) writes: >I believe that you're doing your best to make your system vulnerable to a >trojan horse attack with a brain-damaged path like this. > *** DOT SHOULD NEVER BE FIRST IN YOUR PATH. *** >There are security papers galore that try to beat this into people, but they >just don't listen. It IS a very good idea though. >If you don't know why dot is bad in front of your path, send me email telling >me why you need to know. :-) Please! Just come out and say it. Having implied that there is a security hole, you then don't say what it is. Ordinary users such as myself :-) don't have time or even know quite where to look for the "security papers galore", but those who _are_ interested in exploiting such weaknesses will eagerly go off to play. If I knew why it was a bad idea, I would be *much* less likely to do such a thing. The result now is that I won't know, and the baddies will :-(. If you must mention a problem, do so in a way which doesn't disadvantage the very people you are trying to protect. > -Jeff Michael p.s. Security papers would do a much better job of trying to beat things into people if they were widely diestributed and publicised. ------------------------------------------------------------------------------- Michael Fuller, ACSNET: msf@wren.cs.rmit.OZ Key Center for Knowl. Based Sys., INTERNET: msf@wren.cs.rmit.OZ.AU RMIT Dept. of Comp. Sci., JANET: msf%au.oz.wren@uk.ac.ukc GPO BOX 2476 V, BITNET: msf%wren.cs.rmit.OZ.AU@relay.cs.net Melbourne, 3001, AUSTRALIA UUCP: ..!uunet!wren.cs.rmit.OZ.AU!msf Phone: +61 3 660 2992 Fax: +61 3 662 1617