Mail Archives: cygwin/1999/01/11/23:00:11

From: scarpe AT atos-group DOT com (Sebastien Carpe)
Subject: Re: Problem with /bin mount?
Date: 11 Jan 1999 23:00:11 -0800
Message-ID: <369A1E6D.B1A7952A.cygnus.gnu-win32@atos-group.com>
References: <004501be3d25$0a16c020$c4804dd1 AT monster>
Mime-Version: 1.0
To: Will Mooar <willm AT ihug DOT co DOT nz>, SWarsMatt AT aol DOT com
Cc: gnu-win32 AT cygnus DOT com

Will Mooar wrote:
> I have seen people mention that this is generally a bad idea, as it may pose
> a security threat.  Unfortunately, no-one has elaborated why.  I can't see
> why it would be a problem for windows, except that it might accidentally run
> the wrong thing if two or more programs exist with the same name, but
> function differently.
The problem of . in the path is that you may type, for instance ls, and use a
"custom ls" that lies in the current directory instead of /bin/ls... then,
the one that wrote the fake ls script is gaining your rights, since the ls is
executed with your account and can do nasty things (stuff like adding a
.rhosts, deleting files, mailing stuff, etc...). This is a multi-user
environment issue... since cygwin is supposed to emulate such an environment,
it has the same problem... of course, if you're alone on your computer and
never mount a remote file system, I'm not sure the security issue is still that
important... :)
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".
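
The condition discussed in the message above can be checked mechanically. The shell function below is an added example, not part of the original message: the name `audit_path` and its output format are assumptions, and it assumes a POSIX-style, colon-separated PATH as used inside a Cygwin shell. It also flags empty entries and relative directories, which the shell resolves against the current directory in the same way as an explicit `.`.

```shell
#!/bin/sh
# Added example: report PATH entries that are searched relative to the
# current directory, so a file dropped there can shadow /bin/ls and friends.
#
# audit_path PATHSTRING
#   prints one "position:entry:reason" line per risky entry
#   returns 1 if any risky entry was found, 0 otherwise
audit_path() {
    path_value=$1
    found=0
    pos=0
    # Append a sentinel colon so a trailing empty entry ("/bin:") is kept.
    rest="${path_value}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first colon
        rest=${rest#*:}        # everything after the first colon
        pos=$((pos + 1))
        case $entry in
            "") reason="empty entry (means current directory)" ;;
            .)  reason="explicit current directory" ;;
            /*) continue ;;    # absolute directory: not affected by cwd
            *)  reason="relative entry (resolved against current directory)" ;;
        esac
        printf '%s:%s:%s\n' "$pos" "${entry:-<empty>}" "$reason"
        found=1
    done
    return "$found"
}

# Usage (constructed sample value):  audit_path ".:/bin:/usr/bin"
# Usage (live environment):          audit_path "$PATH"
```

The position in the output matters: an entry ahead of `/bin` shadows every system command, while one at the end only catches names not found elsewhere, such as mistyped commands.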
