Re: alias-like function?

[John W. Eaton]

On 15-Jan-2004, address@hidden <address@hidden> wrote:

| This is a security risk. If for any reason someone gets write-access to 
| your local ~/bin directory, they can place scripts in there that can 
| masquerade as the authentic system programs, like "passwd", etc.
| 
| Generally not recommended.

I don't ever remember hearing that having a private ~/bin directory is
a security risk.

The common PATH-related security problem on Unixy systems is to put
"." in your PATH.  Doing that opens you up to attacks from people who
might put malicious programs in places like /tmp, where you might
reasonbly want to run programs like "ls" and instead of (or in
addition to) listing the contents of /tmp, you find yourself removing
all your files, etc.

But overriding system defaults and adding new commands in your own
~/bin directory is the Unix way.

If someone can get write access to your ~/bin directory, then that is
the security problem, not whatever programs you put there yourself.

jwe



-------------------------------------------------------------
Octave is freely available under the terms of the GNU GPL.

Octave's home on the web:  http://www.octave.org
How to fund new projects:  http://www.octave.org/funding.html
Subscription information:  http://www.octave.org/archive.html
-------------------------------------------------------------