On Thu, 22 Oct 1998, Peter S Galbraith wrote: : : "Helge Hafting" wrote: : : > You don't have "." in your path, so files are *not* considered executable : > just because they are in the *current* directory. : > : > This is a security feature. (Some user could make a nasty script called : > "ls" or similiar in his home directoy. If you try to look at his files : > with ls the nasty script is invoked instead.) : > : > Ways of solving the problem: : > : > 1. Create ~/bin and add that to your path. : > This works well and has no security problems. : ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ : : If some user is capable of putting a fake `ls' in a random directory where : you might trip on it, that user is far more likely to put it in your ~/bin : directory! (Same privileges are required)
There are still systems where /usr/local is world writable (HP/UX for one). The "fake ls in current dir" trick is usually intended to catch people who are executing ls _in that directory_ (like an admin, for example) If your ~/bin directory is writable by anyone other than yourself, you get what you deserve. -- Nathan Norman MidcoNet 410 South Phillips Avenue Sioux Falls, SD mailto:[EMAIL PROTECTED] http://www.midco.net finger [EMAIL PROTECTED] for PGP Key: (0xA33B86E9)
