Subject: Re: . in path
To: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
From: VaX#n8 <email@example.com>
Date: 12/12/1994 14:12:38

While really really bored, der Mouse wrote:
> Since when has it been the shell's duty to warn of possible security
> problems? IMO this check belongs in /.profile and/or /.cshrc, not in
> the shell itself. Should it also check every executable being run to
> make sure there are no world-write directories on the path leading to
> it? That's a security risk too, y'know.

Hmm, what about a rootsh that does that sort of stuff?
Or at least one that checks the path for bin dirs which can be written
by someone other than root, etc.
A check in the .profile and/or .cshrc might well be too late if you want
to be ultra-secure; ideally you could just ignore path components that are
risks (level of "risk" to be defined by user... in a way, even bin-group
writable dirs are -some- kind of a risk, but not everyone is as paranoid
as I am).

VaX#n8 (vak-sa-nate) - n, CS senior++ and Unix junkie - firstname.lastname@example.org
Just the vax-man. Read my MIPS, no new VAXes! - PGP key on request
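
The path check discussed in this thread, as an added example that is not part of the original messages: a POSIX shell function that drops PATH components which are relative (including "." and empty entries), missing, not owned by a trusted uid, or writable by group or others. The name `safe_path`, its arguments and the strict/lax policy switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: safe_path and its arguments are hypothetical names.
# usage: safe_path PATHSTRING [TRUSTED_UID] [strict|lax]
#   strict (default) also drops group-writable directories; lax keeps them.
# Prints the filtered path on stdout; the reason for each drop goes to stderr.
# Typical use from a root login script:  PATH=$(safe_path "$PATH")
safe_path() {
    sp_rest=$1:            # trailing ":" so an empty last component is seen
    sp_uid=${2:-0}         # only directories owned by this uid are trusted
    sp_policy=${3:-strict}
    sp_out=
    while [ -n "$sp_rest" ]; do
        sp_dir=${sp_rest%%:*}
        sp_rest=${sp_rest#*:}
        case $sp_dir in
            /*) ;;
            *)  # "", "." and relative names all resolve against the cwd
                echo "drop '$sp_dir': not an absolute path" >&2; continue ;;
        esac
        if [ ! -d "$sp_dir" ]; then
            echo "drop '$sp_dir': not a directory" >&2; continue
        fi
        # "/." makes ls report the directory itself, not a symlink to it.
        sp_info=$(ls -ldn "$sp_dir/." | awk '{ print $1, $3 }')
        sp_perm=${sp_info% *}      # mode string, e.g. drwxr-xr-x
        sp_owner=${sp_info#* }     # numeric owner uid
        if [ "$sp_owner" != "$sp_uid" ]; then
            echo "drop '$sp_dir': owned by uid $sp_owner" >&2; continue
        fi
        case $sp_perm in
            ????????w*)            # 9th character: write bit for others
                echo "drop '$sp_dir': world-writable" >&2; continue ;;
            ?????w*)               # 6th character: write bit for group
                if [ "$sp_policy" = strict ]; then
                    echo "drop '$sp_dir': group-writable" >&2; continue
                fi ;;
        esac
        sp_out=${sp_out:+$sp_out:}$sp_dir
    done
    printf '%s\n' "$sp_out"
}
```

This only inspects each PATH directory itself; it does not walk the parent directories leading to it, which is the further check der Mouse raises.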