[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: alias-like function?
From: |
John W. Eaton |
Subject: |
Re: alias-like function? |
Date: |
Fri, 16 Jan 2004 11:00:55 -0800 |
On 15-Jan-2004, address@hidden <address@hidden> wrote:
| This is a security risk. If for any reason someone gets write-access to
| your local ~/bin directory, they can place scripts in there that can
| masquerade as the authentic system programs, like "passwd", etc.
|
| Generally not recommended.
I don't ever remember hearing that having a private ~/bin directory is
a security risk.
The common PATH-related security problem on Unixy systems is to put
"." in your PATH. Doing that opens you up to attacks from people who
might put malicious programs in places like /tmp, where you might
reasonbly want to run programs like "ls" and instead of (or in
addition to) listing the contents of /tmp, you find yourself removing
all your files, etc.
But overriding system defaults and adding new commands in your own
~/bin directory is the Unix way.
If someone can get write access to your ~/bin directory, then that is
the security problem, not whatever programs you put there yourself.
jwe
-------------------------------------------------------------
Octave is freely available under the terms of the GNU GPL.
Octave's home on the web: http://www.octave.org
How to fund new projects: http://www.octave.org/funding.html
Subscription information: http://www.octave.org/archive.html
-------------------------------------------------------------