Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Unix Security for Unix Gurus

Unix Security for Unix Gurus

From: Sanjay Kumar <ora_user_at_hotmail.com>
Date: Wed, 27 Sep 2000 17:30:47 -0700
Message-Id: <10632.118097@fatcity.com>


This is a multi-part message in MIME format.

------=_NextPart_000_003F_01C028A8.AC375CA0 Content-Type: text/plain;

        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

I was going thru the Unix documentation and came across the following.

This is about setting PATH. The following is one of the suggestions for = setting efficient PATH.

If security is not a concern, put the current working directory (.) = first in the path.

However, including the current working directory in the path poses a = security risk

that you might want to avoid, especially for superuser.

My question is how does setting the current directory pose a security = threat?

TIA Sanjay Kumar

------=_NextPart_000_003F_01C028A8.AC375CA0 Content-Type: text/html;

        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4134.600" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial>
<P><FONT face=3D"Times New Roman" size=3D2>Hi,</FONT></P>
<P><FONT face=3D"Times New Roman" size=3D2>I was going thru the Unix =
documentation=20
and came across the following.</FONT></P>
<P><FONT face=3D"Times New Roman" size=3D2>This is about setting PATH. =
The following=20
is one of the suggestions for setting efficient PATH.</FONT></P>
<P><FONT face=3D"Times New Roman"><FONT size=3D2><STRONG>If security is =
not a=20
concern, put the current working directory (.) first in the=20 path.</STRONG></FONT></P>
<P><FONT size=3D2><STRONG>However, including the current working =
directory in the=20
path poses a security risk</STRONG></FONT></P>
<P><FONT size=3D2><STRONG>that you might want to avoid, especially for=20
superuser.</STRONG></FONT></P>
<P><FONT size=3D2>My question is how does setting the current directory =
pose a=20
security threat?</FONT></P>
<P><FONT size=3D2>TIA</FONT></P>
<P><FONT size=3D2>Sanjay =

Kumar</FONT></P></FONT></FONT></DIV></BODY></HTML> Received on Wed Sep 27 2000 - 19:30:47 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US