Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!ox.com!math.fu-berlin.de!ira.uka.de!unido!nixpbe!nixsin!koerber.sin@sni.de
From: koerber.sin@sni.de (Mathias Koerber)
Newsgroups: comp.unix.admin
Subject: Re: Mysterious security hole
Message-ID: <2003@nixsin.UUCP>
Date: 20 Jun 91 09:16:35 GMT
References: <91161.131540SCHDAVZ@YaleVM.YCC.Yale.Edu> <70@pyuxf.UUCP> <12714@bsu-cs.bsu.edu> <1991Jun19.150625.17848@chinet.chi.il.us>
Sender: koerberm@nixsin.UUCP
Reply-To: koerber.sin@sni.de
Organization: Siemens Nixdorf Information Systems (Singapore) Pte Ltd
Lines: 22

In article <1991Jun19.150625.17848@chinet.chi.il.us> les@chinet.chi.il.us (Leslie Mikesell) writes:
|In article <12714@bsu-cs.bsu.edu> sam@bsu-cs.UUCP (B. Sam Blanchard) writes:
|
|>Here's a nice and fairly simple way to improve security.
|>PATH=/bin:/usr/bin:/etc
|
|Isn't this annoying overkill compared to just putting "." last in your
|path? That will prevent accidental execution of the wrong copy of
|standard commands while still letting you test programs in your current
|directory and run normal makefiles without contortions.
|
|Les Mikesell
|  les@chinet.chi.il.us

As someone else already pointed out, this still leaves the possibility of
someone creating "ls-" in a directory where you might go once in a while.
You might make a typo, and there it goes, trashing your disk (more likely
creating a root account first, or something else). It might even display:

ls-: not found

Shells which count the number of commands might let you find this, but TOO LATE.
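
An added example, not part of the original post: a POSIX sh check for the two conditions this thread argues about, namely a PATH that searches the current directory at any position, and executables in a directory whose names no absolute PATH entry provides (the mistyped "ls-" case, which "." last still runs). The function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example. Function names and finding labels are hypothetical.

# audit_path PATHSTRING
# Prints one finding per risky entry in a PATH-style string. An empty entry
# (leading, trailing or doubled colon) means "current directory", same as ".".
audit_path() {
    rest="$1:"          # sentinel colon so a trailing empty entry is seen
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}; pos=$((pos + 1))
        case $entry in
            '') echo "cwd-implicit: empty entry at position $pos" ;;
            .)  echo "cwd-explicit: '.' at position $pos" ;;
            /*) # absolute entry: flag it if any user may write to it
                if [ -n "$(find "$entry" -prune -type d -perm -002 2>/dev/null)" ]; then
                    echo "world-writable: $entry at position $pos"
                fi ;;
            *)  echo "relative: '$entry' at position $pos" ;;
        esac
    done
    return 0
}

# cwd_only_commands DIR PATHSTRING
# Lists executables in DIR whose names exist in no absolute PATH directory.
# These are the names that only a "." entry resolves, so putting "." last
# does not stop them from running when such a name is typed by mistake.
cwd_only_commands() {
    for f in "$1"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=${f##*/}; found=no
        old_ifs=$IFS; IFS=:
        for d in $2; do
            case $d in
                /*) if [ -x "$d/$name" ]; then found=yes; fi ;;
            esac
        done
        IFS=$old_ifs
        if [ "$found" = no ]; then echo "$name"; fi
    done
    return 0
}
```

Typical use is audit_path "$PATH" in a login script, and cwd_only_commands on shared directories such as /tmp with the PATH of the account being reviewed.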