[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: win95 installation SECURITY
|
From: |
Millier, Marc |
|
Subject: |
RE: win95 installation SECURITY |
|
Date: |
Fri, 27 Mar 1998 14:29:54 -0800 |
Claudius is technically correct, however, the file security of Win'95 is
such
that a malicous user doesn't need to 'create a fake ls' and leave it
somewhere
so that a '.' path gets it. They could just replace the real 'ls' anywhere
on
the path.
In other words, if you have a concern about malicousness, you neet to be
running
NT, or something other than Win'95.
- Marc Millier
Intel Architecture Labs
"My opinions are my own, They don't pay me enough to express theirs..."
-----Original Message-----
From: Claudius Li [mailto:address@hidden
Sent: Friday, March 27, 1998 9:43 AM
To: address@hidden
Subject: Re: win95 installation SECURITY
I know this doesn't have anything to do with swarm directly but I had to
reply to this.
putting . (the current directory) in your path is not a very good idea.
While it does save you two keystrokes on some commands it opens a security
hole.
A malicous user could, for instance, create a fake ls. If you were ever in
that directory the fake ls would be run instead of the real one.
I'll leave it up to your imagination what this fake ls might do.
If you absolutly insist on having . in your path make sure it is the
very last item in the path list.
But again your best bet is to leave it out all together.
-Claudius Li
address@hidden
410-662-8092
PGP key at http://retina.min.net/~aprentic
On 27 Mar 1998, Marcus G. Daniels wrote:
> >>>>> "DD" == Doug Donalson <address@hidden> writes:
>
> DD> If you arn't doing this, try ./heatbugs instead of just heatbugs.
> DD> This is a quirk of unix and paths.
>
> Mostly it is just an artifact the way I prefer my PATH. To change
> this, edit the .bash_login file in the /Swarm directory and add
>
> PATH=.:$PATH
>
> to the end of the file. Then quit and restart swarm.exe.
>
> ==================================
> Swarm-Support is for discussion of the technical details of the day
> to day usage of Swarm. For list administration needs (esp.
> [un]subscribing), please send a message to <address@hidden>
> with "help" in the body of the message.
> ==================================
>
==================================
Swarm-Support is for discussion of the technical details of the day
to day usage of Swarm. For list administration needs (esp.
[un]subscribing), please send a message to <address@hidden>
with "help" in the body of the message.
==================================
==================================
Swarm-Support is for discussion of the technical details of the day
to day usage of Swarm. For list administration needs (esp.
[un]subscribing), please send a message to <address@hidden>
with "help" in the body of the message.
==================================
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- RE: win95 installation SECURITY,
Millier, Marc <=