|
| From: | Patrick Horgan |
| Subject: | Re: ver. 2.11.56 problems |
| Date: | Tue, 19 Aug 2008 13:03:34 -0700 |
| User-agent: | Thunderbird 2.0.0.16 (X11/20080724) |
Chris Snyder wrote:
This isn't as big of a deal with single-user systems, but it still is a good way to make sure that users are aware that they're not executing system-supplied software.Au contraire! If some bad guy on the internet has managed to hack any account sufficiently to install a file anywhere in your system, the same thing can happen to you. They can become you, or if you're running with root privs at the time they will own your machine. It's called privilege leveraging or privilege elevation, and is automated by scripts, so people out there that don't understand a thing can still use it to screw with you. Please, never have . (the current directory) in your PATH. For the same reason it's important to never set up your system so that you can sudo without a password.
Thanks, Patrick
| [Prev in Thread] | Current Thread | [Next in Thread] |