Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!munnari.oz.au!uniwa!bilby.cs.uwa.oz.au!dunnart!janet
From: janet@cs.uwa.oz.au (Janet Jackson)
Newsgroups: comp.unix.admin
Subject: Re: dot in path, etc (was Re: Mysterious security hole)
Message-ID:
Date: 20 Jun 91 09:53:41 GMT
References: <91161.131540SCHDAVZ@YaleVM.YCC.Yale.Edu> <70@pyuxf.UUCP> <12714@bsu-cs.bsu.edu> <1991Jun19.150625.17848@chinet.chi.il.us> <13780@mentor.cc.purdue.edu>
Sender: usenet@bilby.cs.uwa.oz.au
Organization: Dept. Computer Science, University of Western Australia.
Lines: 24
Nntp-Posting-Host: dunnart

In <13780@mentor.cc.purdue.edu> asg@sage.cc.purdue.edu (The Grand Master) writes:

>I don't know about you. But most of the people I know are not perfect
>typisdts ( ;-) ). It is not uncommon to accidently type ks instead of
>ls ( I have seen many people do it before ). So now what happens when
>someone puts a file ks in /tmp, and you do:
># cd tmp
># ks
>(woops, I meant to type ls) where ks is a trojan horse.

I try very hard not to cd to /tmp, or any other directory I know is
world-writable.

I don't have "." in root's path, of course, but I do have it at the end of
my own path for convenience. I probably shouldn't, though. System
administrators' personal accounts are likely to be rather more privileged
than normal (how many special system-related groups is _your_ uid in?)

Janet Jackson (janet@cs.uwa.oz.AU)
Department of Computer Science
The University of Western Australia
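
Added example, not part of the original post: a POSIX sh check for the PATH conditions discussed in this thread ("." or an empty entry anywhere in the path, and world-writable directories such as /tmp). The function name audit_path and its output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PATH string for entries that
# let the current directory, or a world-writable one, supply commands.

# audit_path PATHSTRING
# Prints "<kind> <position> <entry>" per finding; returns 1 if any were found.
audit_path() {
    rest="$1:"          # sentinel colon so a trailing empty entry is seen
    position=0
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        position=$((position + 1))
        case $entry in
            '')
                # Leading, trailing or doubled colon: the shell treats it as "."
                kind=implicit-dot ;;
            /*)
                # Absolute entry: flag it only if "other" has write permission.
                # The sticky bit (as on /tmp) does not stop new files being added.
                mode=$(ls -ldL "$entry" 2>/dev/null) || continue
                case $mode in
                    d???????w*) kind=world-writable ;;
                    *) continue ;;
                esac ;;
            .)
                # Even as the last entry, "." resolves any name (such as a
                # mistyped "ks") that no earlier directory provides.
                kind=dot ;;
            *)
                # Any other relative entry also depends on the current directory.
                kind=relative ;;
        esac
        echo "$kind $position ${entry:-(empty)}"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# To audit an account's own search path after sourcing this file:
#   audit_path "$PATH"
```

Running it against both root's PATH and an administrator's personal PATH covers the two cases the post distinguishes.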