Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!csn!ncar!gatech!usenet.ins.cwru.edu!agate!stanford.edu!rutgers!modus!gear!am!alex
From: alex@am.sublink.org (Alex Martelli)
Newsgroups: comp.unix.shell
Subject: Re: Wanted: thoughts about history mechanisms.
Message-ID: <1991May05.003216.300@am.sublink.org>
Date: 5 May 91 00:32:16 GMT
References: <5003@lib.tmc.edu> <1991Apr25.212431.1109@am.sublink.org> <1991Apr28.042814.26268@gpu.utcs.utoronto.ca>
Organization: Premiata Famiglia Martelli & Figli
Lines: 24

jmason@gpu.utcs.utoronto.ca (Jamie Mason) writes:
...
:In article <1991Apr25.212431.1109@am.sublink.org> alex@am.sublink.org (Alex Martelli) writes:
:>2. if, when the shell is about to emit a primary-prompt to terminal, it
:>   finds that a file named $HOME/..dothis exists, it opens, unlinks,
:>   and then sources it; this is how the shell accesses the results of
:>   any history-like external command.
:
:    SECURITY HOLE!!  Someone else could easily write this file, and
:the shell would execute their commands.  The shell should *at least*
:enforce that ~/.doit be a) owned by the effective uid of the shell and b)
:of mode 600 (or 700, since it *is* being executed, sort of).

'easily'?  ALL dot files in your home directory can be thought of as
"security holes" in this way - if you leave them writable (in general,
if you leave your home directory writable!), you're already asking for
big trouble, and, no, I don't think such mode-600ness is enforced today
for .profile, .exrc, .cshrc, .login, .rhosts, whatever $ENV points at
in ksh, and so on!

-- 
Alex Martelli - (home snailmail:) v. Barontini 27, 40138 Bologna, ITALIA
Email: (work:) martelli@cadlab.sublink.org, (home:) alex@am.sublink.org
Phone: (work:) ++39 (51) 371099, (home:) ++39 (51) 250434;
Fax: ++39 (51) 366964 (work only), Fidonet: 332/401.3 (home only).
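
The two checks discussed in this exchange (file owned by the effective uid with mode 600 or 700, and a home directory that others cannot write) can be sketched in POSIX sh. This is an added example, not code from the post or from any shell; the function names and the demo file are hypothetical.

```shell
#!/bin/sh
# Added example: vet a per-user command file before sourcing it.
# All function names are hypothetical. Pass an absolute path.

# Succeeds only if $1 is a regular file (not a symlink) owned by the
# effective uid with no group/other permission bits (mode 600 or 700).
file_is_private() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
        ! -perm -040 ! -perm -020 ! -perm -010 \
        ! -perm -004 ! -perm -002 ! -perm -001 2>/dev/null)" ]
}

# Succeeds only if directory $1 is owned by the effective uid and is not
# writable by group or other: a writable directory lets someone else
# replace the file no matter what mode the file itself has.
dir_is_unwritable_by_others() {
    [ -n "$(find "$1" -prune -type d -user "$(id -u)" \
        ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# source_if_safe FILE: source FILE only when both checks pass.
source_if_safe() {
    f=$1
    d=$(dirname -- "$f")
    if file_is_private "$f" && dir_is_unwritable_by_others "$d"; then
        . "$f"
    else
        echo "refusing to source $f: bad owner or mode" >&2
        return 1
    fi
}

# Constructed demo: a private file is sourced, a world-writable one is not.
demo=$(mktemp -d)
printf 'echo "sourced ok"\n' > "$demo/.dothis"
chmod 600 "$demo/.dothis"; source_if_safe "$demo/.dothis"
chmod 666 "$demo/.dothis"; source_if_safe "$demo/.dothis" || true
rm -rf "$demo"
```

These checks run on the path, so a file swapped between the check and the `.` is not covered; a shell doing this internally would open the file first and check the open descriptor with fstat.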