This is the mail archive of the crossgcc@sourceware.org mailing list for the crossgcc project.
Arnaud, Johannes, All,

On Friday 30 July 2010 033627 Arnaud Lacombe wrote:
> Having the current directory in PATH is perfectly valid, said POSIX.
> There is no foot shooting involved, just imperfect software behaving
> badly on corner cases.

Perfectly valid, syntax wide, yes. I guess that it's not what Johannes
implied by "shoot themselves in the foot and deserve it".

Having . in the PATH is broken, security wise. For example, take a
malicious user that has access to /tmp and puts a script shell there that
he names 'ls'. The first user to enter /tmp will, depending on the order
in PATH, run this script instead of the real 'ls'. Pwned.

For example, I'd do smthg like that (very simple):

    #! /bin/bash
    useradd -u 0 -g 0 -p "passwd_hash" -s /bin/sh root2 >/dev/null 2>&1
    PATH="${PATH//.:}"
    export PATH="${PATH//:.}"
    exec "${0}" "${@}"

. in the PATH is borked. Do not use . in your PATH.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +0/33 662376056 | Software Designer  | \ / CAMPAIGN     |  ^                 |
| --==< O_o >==-- '------------.-------:  X  AGAINST      | /e\  There is no   |
| http://ymorin.is-a-geek.org/ | (*_*) | / \ HTML MAIL    | """  conspiracy.   |
'------------------------------'-------'------------------'--------------------'
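A defensive check for the problem described in the message above, added here as an example and not part of the original mail: a POSIX shell function that reports PATH entries which make the shell search the current directory. The function name audit_path and the sample PATH values are assumptions of this example; it goes beyond the literal '.' case to cover empty entries (which POSIX also treats as the current directory) and other relative paths.

```shell
#!/bin/sh
# audit_path [PATH-string]
# Report every entry that makes command lookup depend on the current
# directory. Defaults to the caller's own $PATH.
# Returns 0 when no such entry is found, 1 otherwise.
audit_path() {
    p=${1-$PATH}
    rc=0
    i=0
    # Append ':' so that a trailing empty entry ("/bin:") is seen by the loop.
    rest="$p:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}     # text up to the first ':'
        rest=${rest#*:}       # everything after that ':'
        i=$((i + 1))
        case $entry in
            '')
                # A leading, trailing or doubled ':' yields an empty entry,
                # which is searched as the current directory.
                echo "entry $i: empty entry, searched as the current directory"
                rc=1 ;;
            .)
                echo "entry $i: '.' is the current directory"
                rc=1 ;;
            /*)
                ;;            # absolute path: independent of the cwd
            *)
                # "bin", "./tools", "../x": resolved against the cwd as well
                echo "entry $i: relative path '$entry', resolved against the current directory"
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample values, not taken from any real system.
audit_path '/usr/local/bin:/usr/bin:/bin' && echo "sample 1: clean"
audit_path '/usr/local/bin:.:/usr/bin:'   || echo "sample 2: fix PATH before use"
```

Calling audit_path with no argument checks the current shell's own PATH, which makes it suitable for a login-script or CI sanity check.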