Newsgroups: comp.unix.shell
Path: utzoo!utgpu!jmason
From: jmason@gpu.utcs.utoronto.ca (Jamie Mason)
Subject: Re: Wanted: thoughts about history mechanisms.
Message-ID: <1991Apr28.042814.26268@gpu.utcs.utoronto.ca>
Organization: University of Toronto Computer Science Undergraduate Student
References: <5003@lib.tmc.edu> <1991Apr25.212431.1109@am.sublink.org>
Date: Sun, 28 Apr 1991 04:28:14 GMT

In article <1991Apr25.212431.1109@am.sublink.org> alex@am.sublink.org (Alex Martelli) writes:
>2. if, when the shell is about to emit a primary-prompt to terminal, it
>   finds that a file named $HOME/..dothis exists, it opens, unlinks, 
>   and then sources it; this is how the shell accesses the results of
>   any history-like external command.

	SECURITY HOLE!!  Someone else could easlily write this file, and
the shell would execute their commands.  The shell should *at least*
enforce that ~/.doit be a) owned by the effective uid of the shell and b)
of mode 600 (or 700, since it *is* being executed, sort of).

Jamie  ...  Segmentation fault (core dumped)
Written On  Sunday, April 28, 1991  at  12:27:03am EDT