Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
From:	"Dave Korn" <dave DOT korn AT artimi DOT com>
To:	<cygwin AT cygwin DOT com>
Subject:	[TITTTL] RE: Sould . (current dir) be in the PATH
Date:	Thu, 15 Sep 2005 20:34:55 +0100
MIME-Version:	1.0
In-Reply-To:	<m3k6hima2e.fsf@jdb.homelinux.org>
Message-ID:	<SERRANOZQu5Snz8kxpy0000041f@SERRANO.CAM.ARTIMI.COM>

----Original Message----
>From: J. David Boyd
>Sent: 15 September 2005 19:59

> "Dave Korn" <dave DOT korn AT OHSHITHERECOMESTHESPAM> writes:

  Dave.... gentle reminder:  http://cygwin.com/acronyms#PCYMTNQREAIYR

> Sure, a totally valid point on Unix or Linux.  But on most cygwin installs
> that I know of, there is only one user, and if that user (me, for
> instance), did something that stupid, oh well...

  Well.  It's not just directly multi-user systems that are vulnerable; for
example, there must be plenty of cgi scripts on webservers out there that
create files in /tmp with content from a user's request, and if the name can
be manipulated as well.... boom!

  But this is all OT now.  If you want to carry on discussing generalised
security stuff, let's http://cygwin.com/acronyms#TITTTL.
Bock-bock-b'gaaaaawk!



    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -