Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!uwm.edu!ogicse!milton!serval!tomar.accs.wsu.edu!yeidel
From: yeidel@tomar.accs.wsu.edu (Joshua Yeidel)
Newsgroups: comp.unix.admin
Subject: Re: Mysterious security hole
Message-ID: <1991Jun21.203054.989@serval.net.wsu.edu>
Date: 21 Jun 91 20:30:54 GMT
References: <91161.131540SCHDAVZ@YaleVM.YCC.Yale.Edu> <52@bvnews1.bv.tek.com> <JC.91Jun21133441@raven.bu.edu>
Sender: news@serval.net.wsu.edu (USENET News System)
Reply-To: yeidel@tomar.accs.wsu.edu (Joshua Yeidel)
Organization: Academic Computing Services, Washington State University
Lines: 6

>The example of having something in / is bad for obvious reasons.  But 
>what about /tmp?  A script named say "la" (common type of "ls") which
>does a chmod 777 /, sends mail to the person and then echos 
>"la: Command not found" would do the job nicely. 

Is /tmp in your path?  Why?