On Sat, 04 Feb 2017 19:12:55 +0000, Grant Edwards wrote: > On 2017-02-04, Wildman via Python-list <python-list@python.org> wrote: >>> >>> The next time you are in the /tmp directory looking for something, can >>> you guess what happens when you mistype "ls" as "sl"? >>> >>>> DOS and Windows has searched the current directory since their >>>> beginning. Is that also dangerous? >>> >>> Yes. >> >> Your scenario assumes the malicious user has root access >> to be able to place a file into /tmp. > > Nope. /tmp is world-writable.
Yea, I realized that right after I clicked post. I was thinking of the fact that /tmp is owned by root. >> And there would have to be some reason why I would be looking around >> in /tmp. After 10 years of using Linux, it hasn't happened yet. >> And last I would have to be a complete idiot. > > To have put '.' in your path? That is something I would never do. Not because I think it is dangerous but because it had never occurred to me. Anything that I run in the current directory, I always prefix it with './' out of habit. Never thought of doing anything else. > Or to have typed 'sl' by mistake? Well, maybe not an idiot but something would have to be going on to misspell a two letter command. <g> >> I suppose all that could be a reality, but, how many computers do >> you know of have been compromised in this manor? > > I've known a few people over the years who've been caught by that > trick. The "evil" program was always more of a joke and did no real > harm. I don't consider that being compromised. Sure, you could trick someone into running a program that could mess with $HOME but that is all. For anyone, like me, that makes regular backups, that is not a big problem. To do any real damage to the system or install a key logger or some other malicious software, root access would be required. As a Linux user you already know that. That is the scenario where idiot would be the correct term. -- <Wildman> GNU/Linux user #557453 The cow died so I don't need your bull! -- https://mail.python.org/mailman/listinfo/python-list
