On 04Feb2017 12:56, Wildman <best_...@yahoo.com> wrote:
On Sat, 04 Feb 2017 18:25:03 +0000, Grant Edwards wrote:
The next time you are in the /tmp directory looking for something, can
you guess what happens when you mistype "ls" as "sl"?
[...]
Your scenario assumes the malicious user has root access
to be able to place a file into /tmp.
/tmp is _publicly_ writable. _Any_ user can do that.
And there would
have to be some reason why I would be looking around in
/tmp. After 10 years of using Linux, it hasn't happened
yet.
Amazing. I was looking around in /tmp in my first days of using UNIX. There's
stuff in there.
And last I would have to be a complete idiot.
If you've got "." in your $PATH, I am beginning to think that this thesis is
supported.
I suppose all that could be a reality, but, how many
computers do you know of have been compromised in this
manor?
Hmm. I've compromised my friends (with harmless pranks) in this way. These days
that doesn't work so well became having "." in your path is not done.
Cheers,
Cameron Simpson <c...@zip.com.au>
--
https://mail.python.org/mailman/listinfo/python-list
