Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Unix Security for Unix Gurus

Re: Unix Security for Unix Gurus

From: Jonathan Gennick <jonathan_at_gennick.com>
Date: Thu, 28 Sep 2000 09:06:18 -0400
Message-Id: <10633.118144@fatcity.com> 





At 9/27/2000 05:30 PM -0800, you wrote:



>My question is how does setting the current directory pose a security threat?




It poses a threat because someone could create an executable that wiped the disk, name it to match a utility such as ls leave it in a bunch of working directories, and then when some superuser comes along with "." as the first directory in his path, he may issue an ls command to list files and instead invoke the bad program, which then wipes the disk.



Maybe ls is a bad command to use as an example, but I think you get the idea.



Jonathhan




Jonathan Gennick


jonathan_at_gennick.com


Brighten the corner where you are
Received on Thu Sep 28 2000 - 08:06:18 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US